﻿// DisposeResult.cpp : implementation file
//

#include "stdafx.h"
#include "TOOLBOX4.h"
#include "DisposeResult.h"
//#include "GetSystemSetting.h"
#include "LogAnalyze.h"
#include <locale.h>
#include <sqlite3.h>
//#include "GetUsbRecordEx.h"



IMPLEMENT_DYNAMIC(CDisposeResult, CWnd)


static sqlite3*sDb = NULL;

CDisposeResult::CDisposeResult()
{
	// 即时通讯软件
	CString SoftWare1 = _T("KakaoTalk");
	CString SoftWare2 = _T("Skype");
	CString SoftWare3 = _T("腾讯QQ");
	CString SoftWare4 = _T("微信");
	CString SoftWare5 = _T("陌陌");
	CString SoftWare6 = _T("Line");
	CString SoftWare7 = _T("飞秋");
	CString SoftWare8 = _T("飞鸽传书");
	CString SoftWare9 = _T("Windows Live Messenger（MSN）");
	m_vIMsoftware.push_back(SoftWare1);
	m_vIMsoftware.push_back(SoftWare2);
	m_vIMsoftware.push_back(SoftWare3);
	m_vIMsoftware.push_back(SoftWare4);
	m_vIMsoftware.push_back(SoftWare5);
	m_vIMsoftware.push_back(SoftWare6);
	m_vIMsoftware.push_back(SoftWare7);
	m_vIMsoftware.push_back(SoftWare8);
	m_vIMsoftware.push_back(SoftWare9);

	// 邮件客户端
	CString Email1 = _T("Foxmail");
	CString Email2 = _T("网易闪电邮");
	CString Email3 = _T("梦幻快车DreamMail");
	CString Email4 = _T("Mozilla Thunderbird");
	CString Email5 = _T("Becky! Internet Mail version 2");
	CString Email6 = _T("指北针邮件群发软件");
	m_vEmailSoftware.push_back(Email1);
	m_vEmailSoftware.push_back(Email2);
	m_vEmailSoftware.push_back(Email3);
	m_vEmailSoftware.push_back(Email4);
	m_vEmailSoftware.push_back(Email5);
	m_vEmailSoftware.push_back(Email6);

	// 虚拟机软件(由于不确定名称,所以都用小写判断)
	CString VM1 = _T("virtual pc");
	CString VM2 = _T("vmware workstation");
	CString VM3 = _T("virtualbox");
	CString VM4 = _T("vmware player");
	CString VM5 = _T("kernel-based virtual machine");
	CString VM6 = _T("kvm");
	CString VM7 = _T("openvz");
	CString VM8 = _T("lguest");
	CString VM9 = _T("vmlite workstation");
	CString VM10 = _T("qwmu虚拟机模拟器");
	CString VM11 = _T("vbox虚拟机");
	CString VM12 = _T("超玩虚拟机");
	CString VM13 = _T("prayaya v3虚拟系统");
	CString VM14 = _T("wine");
	CString VM15 = _T("greenvbox");

	m_vVMsoftware.push_back(VM1);
	m_vVMsoftware.push_back(VM2);
	m_vVMsoftware.push_back(VM3);
	m_vVMsoftware.push_back(VM4);
	m_vVMsoftware.push_back(VM5);
	m_vVMsoftware.push_back(VM6);
	m_vVMsoftware.push_back(VM7);
	m_vVMsoftware.push_back(VM8);
	m_vVMsoftware.push_back(VM9);
	m_vVMsoftware.push_back(VM10);
	m_vVMsoftware.push_back(VM11);
	m_vVMsoftware.push_back(VM12);
	m_vVMsoftware.push_back(VM13);
	m_vVMsoftware.push_back(VM14);
	m_vVMsoftware.push_back(VM15);
}

CDisposeResult::~CDisposeResult()
{
}

void DeletePointer2(char * p)
{
	if(p != NULL)
	{
		delete []p;
		p = NULL;
	}
}


std::vector<PSOFTWAREINFO> CDisposeResult::m_vInstalledIM;
std::vector<PSOFTWAREINFO> CDisposeResult::m_vInstalledEmail;
std::vector<PSOFTWAREINFO> CDisposeResult::m_vInstalledVM;
std::vector<PSOFTWAREINFO> CDisposeResult::m_vInstalledOther;
std::vector<PFILEOPRATIONLIGHTCHECK> CDisposeResult::m_vFilOprationLightCheck;
//vector<PNETDEEPRESULT> CDisposeResult::m_vNetDeepResult;

//vector<PUSBDEEPRESULT> CDisposeResult::m_vUsbDeepResult;

std::vector<std::pair<char*, int>> CDisposeResult::m_vCaption;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent1;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent2;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent3;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent4;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent5;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent6;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent65;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent7;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent8;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent9;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent10;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent11;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent12;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent13;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent14;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent15;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent16;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent17;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent18;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent19;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent20;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent21;
std::vector<std::pair<char*, int>> CDisposeResult::m_vContent22;

std::vector<std::pair<char*, int>> CDisposeResult::m_vEnding;

std::vector<std::pair<char*, int>> CDisposeResult::m_vLogCaption1;
std::vector<std::pair<char*, int>> CDisposeResult::m_vLogCaption2;
std::vector<std::pair<char*, int>> CDisposeResult::m_vLogCaption3;
std::vector<std::pair<char*, int>> CDisposeResult::m_vLogCaption4;

std::vector<std::vector<CString>> CDisposeResult::m_vWebLogRst;
std::vector<std::vector<CString>> CDisposeResult::m_vWebFileRst;
std::vector<std::vector<CString>> CDisposeResult::m_vSysLogRst;
std::vector<std::vector<CString>> CDisposeResult::m_vAppLogRst;
std::vector<std::vector<CString>> CDisposeResult::m_vSecLogRst;
std::vector<std::vector<CString>> CDisposeResult::m_vFileTraceRst;
std::vector<std::vector<CString>> CDisposeResult::m_vNetLigRst;
std::vector<std::vector<CString>> CDisposeResult::m_vNetDeepRst;
std::vector<std::vector<CString>> CDisposeResult::m_vPortRst;
std::vector<std::vector<CString>> CDisposeResult::m_vProcessRst;
std::vector<std::vector<CString>> CDisposeResult::m_vServiceRst;
std::vector<std::vector<CString>> CDisposeResult::m_vSoftWareRst;
std::vector<std::vector<CString>> CDisposeResult::m_vAuthSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vAccountSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vServiceSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vPasswordSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vNetSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vFileSecRst;
std::vector<std::vector<CString>> CDisposeResult::m_vFileShareRst;
std::vector<std::vector<CString>> CDisposeResult::m_vUSBLigRst;
std::vector<std::vector<CString>> CDisposeResult::m_vUSBDeepRst;
std::vector<std::vector<CString>> CDisposeResult::m_vSysPatchRst;
std::vector<std::vector<CString>> CDisposeResult::m_vNetWorkCardRst;

std::vector<std::vector<char*>> CDisposeResult::m_vWebLogRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vWebFileRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vSysLogRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vAppLogRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vSecLogRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vFileTraceRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vNetLigRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vNetDeepRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vPortRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vProcessRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vServiceRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vSoftWareRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vAuthSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vAccountSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vServiceSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vPasswordSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vNetSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vFileSecRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vFileShareRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vUSBLigRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vUSBDeepRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vSysPatchRstLast;
std::vector<std::vector<char*>> CDisposeResult::m_vNetWorkCardRstLast;


CYunDunUtility * CDisposeResult::util_sysLog;

std::vector<std::map<std::string,std::wstring>> CDisposeResult::m_svSysLog;

CYunDunUtility* CDisposeResult::util_secLog;

std::vector<std::map<std::string,std::wstring>> CDisposeResult::m_svSecLog;

CString CDisposeResult::m_strMacAddr = NULL;

void WriteHtml(CStdioFile &file, std::vector<std::pair<char*, int>> &vt);
void WriteResult(CStdioFile &file, std::vector<std::vector<char*>> &vt);
void ClearVector2(std::vector<std::vector<char*>> &vt);

//UTF8ToUnicode:UTF8字符串转换成Unicode编码
CString UTF8ToUnicode(const std::string &sUTF8)
{
	DWORD dwUnicodeLen;        //转换后Unicode的长度
	TCHAR *pwText;             //保存Unicode的指针
	CString strUnicode;        //返回值

	//获得转换后的长度，并分配内存
	dwUnicodeLen = MultiByteToWideChar(CP_UTF8,0,sUTF8.c_str(),-1,NULL,0);
	pwText = new TCHAR[dwUnicodeLen];
	memset(pwText,0, dwUnicodeLen);
	if (!pwText)
	{
		return strUnicode;
	}
	//转为Unicode
	MultiByteToWideChar(CP_UTF8,0,sUTF8.c_str(),-1,pwText,dwUnicodeLen);

	//转为CString
	strUnicode.Format(_T("%s"),pwText);

	//清除内存
	delete []pwText;
	//返回转换好的Unicode字串
	return strUnicode;
}

char * ReadHtml(char *p, std::vector<std::pair<char*, int>> &vt, const TCHAR  *pszSub)
{
	while(1)
	{
		char ch[256] = {0};
		int i;
		for(i = 0; i < 255; i++)
		{
			ch[i] = *p++;
			if(*p == '\n')
				break;
		}
		CString str(ch);
		//AfxMessageBox(str);
		if(str.Find(pszSub) != -1)
		{
			break;
		}
		char *p1 = new char[i+1];
		memcpy(p1, ch, i+1);
		//CString tt;
		//tt.Format(_T("%d,%d"), i+1, strlen(p1));
		//AfxMessageBox(tt);
		std::pair<char*, int> pr(p1, i+1);
		vt.push_back(pr);
	}
	return p;
}

// *将存放html模板的容器写入文件
void WriteHtml(CStdioFile &file, std::vector<std::pair<char*, int>> &vt)
{
	std::vector<std::pair<char*, int>>::iterator it = vt.begin();
	for(;it != vt.end(); it++)
	{
		file.Write((*it).first, (*it).second); 
		//if((*it).first != NULL)
		//	delete [](*it).first;
		//it = vt.erase(it);
	}
}

// 将Unicode 编码的结果   转成 UTF-8
void TransResult(std::vector<std::vector<CString>> &vtSrc, std::vector<std::vector<char*>> &vtDest)
{
	//vtDest.clear();
	ClearVector2(vtDest);
	if(vtSrc.empty())
		return;
	std::vector<std::vector<CString>>::iterator it = vtSrc.begin();
	for(; it != vtSrc.end(); it++)
	{
		if((*it).empty())
			continue;
		std::vector<char*> vt;
		std::vector<CString>::iterator it1 = (*it).begin();
		for(; it1 != (*it).end(); it1++)
		{
			DWORD dwNum = WideCharToMultiByte(CP_UTF8,NULL,*it1,-1,NULL,NULL,0,NULL);  
			char *cResult = new char[dwNum+1];
			memset(cResult, 0, dwNum+1);    
			WideCharToMultiByte(CP_UTF8,NULL,*it1,-1,cResult,dwNum,0,NULL); 
			vt.push_back(cResult);	
		}
		vtDest.push_back(vt);
		//(*it).clear();
	}
	//vtSrc.clear();
}

// 清空容器 Unicode
void ClearVector(std::vector<std::vector<CString>> &vt)
{
	if(vt.empty())
		return;

	std::vector<std::vector<CString>>::iterator it = vt.begin();
	for (; it != vt.end(); it++)
	{
		if((*it).empty())
			continue;
		(*it).clear();
	}
	vt.clear();
}

// 清空容器 UTF-8
void ClearVector2(std::vector<std::vector<char*>> &vt)
{
	if(vt.empty())
		return;

	std::vector<std::vector<char*>>::iterator it = vt.begin();
	for(; it != vt.end(); it++)
	{
		if((*it).empty())
			continue;
		std::vector<char*>::iterator it1 = (*it).begin();
		for(; it1 != (*it).end(); it1++)
		{
			if(*it1 != NULL)
			{
				delete [](*it1);
				*it1 = NULL;
			}
		}
		(*it).clear();
	}
	vt.clear();
}

// 清空容器 html模板
void ClearVector3(std::vector<std::pair<char*, int>> &vt)
{
	if(vt.empty())
		return;

	std::vector<std::pair<char*, int>>::iterator it = vt.begin();
	for(; it != vt.end(); it++)
	{
		if((*it).first != NULL)
		{
			delete [](*it).first;
			(*it).first = NULL;
		}
	}
	vt.clear();
}

// 清空全部  存放Unicode结果的容器 vector<vector<CString>>
void CDisposeResult::MyClearVector()
{
	ClearVector(m_vWebLogRst);
	ClearVector(m_vWebFileRst);
	ClearVector(m_vSysLogRst);
	ClearVector(m_vAppLogRst);
	ClearVector(m_vSecLogRst);
	ClearVector(m_vFileTraceRst);
	ClearVector(m_vNetLigRst);
	ClearVector(m_vNetDeepRst);
	ClearVector(m_vPortRst);
	ClearVector(m_vProcessRst);
	ClearVector(m_vServiceRst);
	ClearVector(m_vSoftWareRst);
	ClearVector(m_vAuthSecRst);
	ClearVector(m_vAccountSecRst);
	ClearVector(m_vServiceSecRst);
	ClearVector(m_vPasswordSecRst);
	ClearVector(m_vNetSecRst);
	ClearVector(m_vFileSecRst);
	ClearVector(m_vFileShareRst);
	ClearVector(m_vUSBLigRst);
	ClearVector(m_vUSBDeepRst);
	ClearVector(m_vSysPatchRst);
	ClearVector(m_vNetWorkCardRst);
}

// 清空全部 存放UTF-8结果的容器   vector<vector<char*>>
void CDisposeResult::MyClearVector2()
{
	ClearVector2(m_vWebLogRstLast);
	ClearVector2(m_vWebFileRstLast);
	ClearVector2(m_vSysLogRstLast);
	ClearVector2(m_vAppLogRstLast);
	ClearVector2(m_vSecLogRstLast);
	ClearVector2(m_vFileTraceRstLast);
	ClearVector2(m_vNetLigRstLast);
	ClearVector2(m_vNetDeepRstLast);
	ClearVector2(m_vPortRstLast);
	ClearVector2(m_vProcessRstLast);
	ClearVector2(m_vServiceRstLast);
	ClearVector2(m_vSoftWareRstLast);
	ClearVector2(m_vAuthSecRstLast);
	ClearVector2(m_vAccountSecRstLast);
	ClearVector2(m_vServiceSecRstLast);
	ClearVector2(m_vPasswordSecRstLast);
	ClearVector2(m_vNetSecRstLast);
	ClearVector2(m_vFileSecRstLast);
	ClearVector2(m_vFileShareRstLast);
	ClearVector2(m_vUSBLigRstLast);
	ClearVector2(m_vUSBDeepRstLast);
	ClearVector2(m_vSysPatchRstLast);
}

// 清空全部 存放html模板的容器   vector<pair<char*, int>>
void CDisposeResult::MyClearVector3()
{
	ClearVector3(m_vCaption);
	ClearVector3(m_vContent1);
	//ClearVector3(m_vContent2);
	//ClearVector3(m_vContent3);
	//ClearVector3(m_vContent4);
	ClearVector3(m_vContent5);
	ClearVector3(m_vContent6);
	ClearVector3(m_vContent7);
	ClearVector3(m_vContent8);
	ClearVector3(m_vContent9);
	ClearVector3(m_vContent10);
	ClearVector3(m_vContent11);
	ClearVector3(m_vContent12);
	ClearVector3(m_vContent13);
	ClearVector3(m_vContent14);
	ClearVector3(m_vContent15);
	ClearVector3(m_vContent16);
	ClearVector3(m_vContent17);
	ClearVector3(m_vContent18);
	ClearVector3(m_vContent19);
	ClearVector3(m_vContent20);
	ClearVector3(m_vContent21);
	ClearVector3(m_vEnding);

	ClearVector3(m_vLogCaption1);
	ClearVector3(m_vLogCaption2);
	ClearVector3(m_vLogCaption3);
	ClearVector3(m_vLogCaption4);
}


// 将空容器 填入 "无结果"
void IfEmpty(std::vector<std::vector<CString>> &vt, int num)
{
	CString str(_T("\n\t\t\t\t\t\t\t\t\t<td>无结果</td>"));
	std::vector<CString> vt1;
	for(int i = 0; i < num; i++)
	{
		vt1.push_back(str);
	}
	vt.push_back(vt1);
}

void WriteResult(CStdioFile &file, std::vector<std::vector<char*>> &vt)
{
	std::vector<std::vector<char*>>::iterator it = vt.begin();
	for(; it != vt.end(); it++)
	{
		std::vector<char*>::iterator it1 = (*it).begin();
		for(; it1 != (*it).end(); it1++)
		{
			file.Write(*it1, static_cast<UINT>(strlen(*it1)));
		}
	}
}

// 获取存储结果的盘符的剩余容量
ULONGLONG GetDiskSpace()
{
	CString strDiks = Str_SavePath.Left(Str_SavePath.Find(TEXT("\\")));
	ULARGE_INTEGER size;
	GetDiskFreeSpaceEx(strDiks, NULL, NULL, &size);
	
	return size.QuadPart;
}

// 获取容器内容在 UTF-8格式下 的大小
ULONGLONG GetVector1Size(std::vector<std::pair<char*, int>>& vt)
{
	ULONGLONG size = 0;
	std::vector<std::pair<char*, int>>::iterator it = vt.begin();
	for(; it != vt.end(); it++)
	{
		size += (*it).second * 3; //因为 utf-8, 所以乘3 
	}

	return size;
}

ULONGLONG GetVector2Size(std::vector<std::vector<char*>>& vt)
{
	ULONGLONG size = 0;
	std::vector<std::vector<char*>>::iterator it = vt.begin();
	for(; it != vt.end(); it++)
	{
		for(std::vector<char*>::iterator it1 = (*it).begin(); it1 != (*it).end(); it1++)
		{
			size += strlen(*it1)*3 +3 ; // 因为是UTF-8, 所以乘3
		}
	}
	return size;
}

// 判断剩余空间是否足够存储 结果html文件
BOOL CDisposeResult::IsFreeSpace(ULONGLONG FreeSpace)
{
	ULONGLONG Size = 0;
	ULONGLONG sz = GetVector1Size(m_vCaption);
	Size += sz;
	sz = GetVector1Size(m_vContent1);
	Size += sz;
	sz = GetVector1Size(m_vContent2);
	Size += sz;
	sz = GetVector1Size(m_vContent3);
	Size += sz;
	sz = GetVector1Size(m_vContent4);
	Size += sz;
	sz = GetVector1Size(m_vContent5);
	Size += sz;
	sz = GetVector1Size(m_vContent6);
	Size += sz;
	sz = GetVector1Size(m_vContent7);
	Size += sz;
	sz = GetVector1Size(m_vContent8);
	Size += sz;
	sz = GetVector1Size(m_vContent9);
	Size += sz;
	sz = GetVector1Size(m_vContent10);
	Size += sz;
	sz = GetVector1Size(m_vContent11);
	Size += sz;
	sz = GetVector1Size(m_vContent12);
	Size += sz;
	sz = GetVector1Size(m_vContent13);
	Size += sz;
	sz = GetVector1Size(m_vContent14);
	Size += sz;
	sz = GetVector1Size(m_vContent15);
	Size += sz;
	sz = GetVector1Size(m_vContent16);
	Size += sz;
	sz = GetVector1Size(m_vContent17);
	Size += sz;
	sz = GetVector1Size(m_vContent18);
	Size += sz;
	sz = GetVector1Size(m_vContent19);
	Size += sz;
	sz = GetVector1Size(m_vContent20);
	Size += sz;
	sz = GetVector1Size(m_vContent21);
	Size += sz;
	sz = GetVector1Size(m_vEnding);
	Size += sz;

	sz = GetVector1Size(m_vLogCaption1);
	Size += sz;
	sz = GetVector1Size(m_vLogCaption2);
	Size += sz;
	sz = GetVector1Size(m_vLogCaption3);
	Size += sz;
	sz = GetVector1Size(m_vLogCaption4);
	Size += sz;


	sz = GetVector2Size(m_vWebLogRstLast);
	Size += sz;
	sz = GetVector2Size(m_vWebFileRstLast);
	Size += sz;
	sz = GetVector2Size(m_vSysLogRstLast);
	Size += sz;
	sz = GetVector2Size(m_vAppLogRstLast);
	Size += sz;
	sz = GetVector2Size(m_vSecLogRstLast);
	Size += sz;
	sz = GetVector2Size(m_vFileTraceRstLast);
	Size += sz;
	sz = GetVector2Size(m_vNetLigRstLast);
	Size += sz;
	sz = GetVector2Size(m_vNetDeepRstLast);
	Size += sz;
	sz = GetVector2Size(m_vPortRstLast);
	Size += sz;
	sz = GetVector2Size(m_vProcessRstLast);
	Size += sz;
	sz = GetVector2Size(m_vServiceRstLast);
	Size += sz;
	sz = GetVector2Size(m_vSoftWareRstLast);
	Size += sz;
	sz = GetVector2Size(m_vAuthSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vAccountSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vServiceSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vPasswordSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vNetSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vFileSecRstLast);
	Size += sz;
	sz = GetVector2Size(m_vFileShareRstLast);
	Size += sz;
	sz = GetVector2Size(m_vUSBLigRstLast);
	Size += sz;
	sz = GetVector2Size(m_vUSBDeepRstLast);
	Size += sz;
	sz = GetVector2Size(m_vSysPatchRstLast);
	Size += sz;

	if(FreeSpace > Size)
		return TRUE;

	return FALSE;
}


// 1 将html模板读入容器中
void CDisposeResult::MyReadHtml()
{
	//if(!m_vCaption.empty())
	//	return ;

	// UTF8 中文有乱码, Unicode也有
	// UTF8ToUnicode 将 UTF8转换成 Unicode
	// setlocale 解决Unicode中文乱码问题
	char* old_locale = _strdup( setlocale(LC_CTYPE,NULL) ); 
	setlocale( LC_CTYPE, "chs" );

	CStdioFile f1;
	CString HtmlPath = CTOOLBOX4App::ms_ModPath + _T("html\\index.html");
	if(!f1.Open(HtmlPath, CFile::modeRead/*|CFile::typeText | CFile::typeUnicode*/))
	{
		//AfxMessageBox(_T("打开html文件错误,请检查html文件是否存在!"));
		MessageBox(_T("打开html文件错误,请检查html文件是否存在!"), _T("打开文件失败"), MB_ICONERROR);
		exit(-1);
	}
	
	byte* p  = new byte[f1.GetLength()];
	f1.Read(p, static_cast<UINT>(f1.GetLength()));

	f1.Close();

	int wcsLen = ::MultiByteToWideChar(CP_UTF8, NULL, (LPCSTR)p, static_cast<int>(strlen((LPCSTR)p)), NULL, 0);
	WCHAR * wszANSI = new WCHAR[wcsLen + 1];
	memset(wszANSI, 0, wcsLen * 2 + 2);
	MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)p, static_cast<int>(strlen((LPCSTR)p)), wszANSI, wcsLen);

	char * result;
	int textlen;
	textlen = WideCharToMultiByte( CP_UTF8, 0, wszANSI, -1, NULL, 0, NULL, NULL );
	result =(char *)malloc((textlen+1)*sizeof(char));
	memset(result, 0, sizeof(char) * ( textlen + 1 ) );
	WideCharToMultiByte( CP_UTF8, 0, wszANSI, -1, result, textlen, NULL, NULL );

	char * p1 = result;
	p1 = ReadHtml(p1, CDisposeResult::m_vCaption, _T("<!--WebDetection-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent1, _T("<!--BadSpeech-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent2, _T("<!--AttackPattern-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent3, _T("<!--AttackSource-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent4, _T("<!--AttaceTools-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent5, _T("<!--virus-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent6, _T("<!--FileTrace-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent65, _T("<!--NetTrace-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent7, _T("<!--NetTraceDeep-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent8, _T("<!--UsbTrace-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent9, _T("<!--UsbTraceDeep-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent10, _T("<!--AuthSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent11, _T("<!--AccSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent12, _T("<!--ServiceSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent13, _T("<!--PassWordSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent14, _T("<!--NetSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent15, _T("<!--FileSec-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent16, _T("<!--Port-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent17, _T("<!--process-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent18, _T("<!--Service-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent19, _T("<!--SoftWare-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent20, _T("<!--IMSoftWare-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent21, _T("<!--EMail-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vContent22, _T("<!--FileShare-->"));
	p1 = ReadHtml(p1, CDisposeResult::m_vEnding, _T("<!--FileEnd-->"));

	if(p != NULL)
	{
		delete []p;
		p = NULL;
	}

	if(wszANSI != NULL)
	{
		delete []wszANSI;
		wszANSI = NULL;
	}

	if(result != NULL)
	{
		free(result);
		result = NULL;
	}

	setlocale( LC_CTYPE, old_locale ); 
	free( old_locale );
}

// *将主机日志html模板读入容器
void CDisposeResult::MyReadLogHtml()
{
	char* old_locale = _strdup( setlocale(LC_CTYPE,NULL) ); 
	setlocale( LC_CTYPE, "chs" );
	/////////////////////////////
	CString m_module = CTOOLBOX4App::ms_ModPath;
	m_module += _T("html\\hostNote.html");

	//TCHAR* pFileName = _T("./html/hostNote.html");
	CStdioFile f1;
	if(!f1.Open(m_module, CFile::modeRead/*|CFile::typeText | CFile::typeUnicode*/))
	{
		//AfxMessageBox(_T("打开html文件错误,请检查html文件是否存在!"));
		MessageBox(_T("打开html文件错误,请检查html文件是否存在!"), _T("打开文件失败"), MB_ICONERROR);
		exit(-1);
	}
	byte* p  = new byte[f1.GetLength()];
	f1.Read(p, static_cast<UINT>(f1.GetLength()));
	f1.Close();

	int wcsLen = ::MultiByteToWideChar(CP_UTF8, NULL, (LPCSTR)p, static_cast<int>(strlen((LPCSTR)p)), NULL, 0);
	WCHAR * wszANSI = new WCHAR[wcsLen + 1];
	memset(wszANSI, 0, wcsLen * 2 + 2);
	MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)p, static_cast<int>(strlen((LPCSTR)p)), wszANSI, wcsLen);

	char * result;
	int textlen;
	textlen = WideCharToMultiByte( CP_UTF8, 0, wszANSI, -1, NULL, 0, NULL, NULL );
	result =(char *)malloc((textlen+1)*sizeof(char));
	memset(result, 0, sizeof(char) * ( textlen + 1 ) );
	WideCharToMultiByte( CP_UTF8, 0, wszANSI, -1, result, textlen, NULL, NULL );

	char * p1 = result;
	//p1 = ReadHtml(p1, m_vLogCaption1, _T("<!--systemlog-->"));
	//p1 = ReadHtml(p1, m_vLogCaption2, _T("<!--applog-->"));
	//p1 = ReadHtml(p1, m_vLogCaption3, _T("<!--seclog-->"));
	//p1 = ReadHtml(p1, m_vLogCaption4, _T("<!--theend-->"));
	p1 = ReadHtml(p1, m_vLogCaption1, _T("<!--SecLog-->"));
	p1 = ReadHtml(p1, m_vLogCaption2, _T("<!--FileEnd-->"));

	if(p != NULL)
	{
		delete []p;
		p = NULL;
	}
	if(wszANSI != NULL)
	{
		delete []wszANSI;
		wszANSI = NULL;
	}

	if(result != NULL)
	{
		free(result);
		result = NULL;
	}

	////////////////////////////
	setlocale( LC_CTYPE, old_locale ); 
	free( old_locale );
}

// 清空 存放 即时通讯软件 和 邮件客户端的容器 虚拟机软件
void CDisposeResult::MyClearSoftWare()
{
	std::vector<PSOFTWAREINFO>::iterator itr;
	if(!m_vInstalledIM.empty())
	{
		for(itr = m_vInstalledIM.begin(); itr != m_vInstalledIM.end(); itr++)
		{
			if(*itr != NULL)
			{
				delete *itr;
				*itr = NULL;
			}
		}
		m_vInstalledIM.clear();
	}	
	if(!m_vInstalledEmail.empty())
	{
		for(itr = m_vInstalledEmail.begin(); itr != m_vInstalledEmail.end(); itr++)
		{
			if(*itr != NULL)
			{
				delete *itr;
				*itr = NULL;
			}
		}
		m_vInstalledEmail.clear();
	}

	if(!m_vInstalledVM.empty())
	{
		for(itr = m_vInstalledVM.begin(); itr != m_vInstalledVM.end(); itr++)
		{
			if(*itr != NULL)
			{
				delete *itr;
				*itr = NULL;
			}
		}
		m_vInstalledVM.clear();
	}
}

// 获取 即时通讯软件和邮件客户端
void CDisposeResult::IsSoftWare(PSOFTWAREINFO pSoftWare)
{

	CString SoftWare(pSoftWare->strName);
	std::vector<CString>::iterator it;
	for(it = m_vIMsoftware.begin(); it != m_vIMsoftware.end(); it++)
	{
		if(*it == SoftWare) // 对比即时通讯软件
		{
			PSOFTWAREINFO pInfo;
			pInfo = new SOFTWAREINFO;
			memset(pInfo, 0, sizeof(SOFTWAREINFO));
			memcpy(pInfo, pSoftWare, sizeof(SOFTWAREINFO));
			//WriteXml(fd, pInfo);
			m_vInstalledIM.push_back(pInfo);
			return ;
		}
	}

	for( it = m_vEmailSoftware.begin(); it != m_vEmailSoftware.end(); it++)
	{
		if(*it == SoftWare) // 对比邮件客户端
		{
			PSOFTWAREINFO pInfo2;
			pInfo2 = new SOFTWAREINFO;
			memset(pInfo2, 0, sizeof(SOFTWAREINFO));
			memcpy(pInfo2, pSoftWare, sizeof(SOFTWAREINFO));
			m_vInstalledEmail.push_back(pInfo2);
			return ;
		}
	}
/*	CString vm = SoftWare.MakeLower();
	for(it = m_vVMsoftware.begin(); it != m_vVMsoftware.end(); it++)
	{
		if(vm.Find(*it) != -1)
		{
			PSOFTWAREINFO pInfo2;
			pInfo2 = new SOFTWAREINFO;
			memset(pInfo2, 0, sizeof(SOFTWAREINFO));
			memcpy(pInfo2, pSoftWare, sizeof(SOFTWAREINFO));
			m_vInstalledVM.push_back(pInfo2);
			return ;
		}
	}
*/
	PSOFTWAREINFO pInfo3;
	pInfo3 = new SOFTWAREINFO;
	memset(pInfo3, 0, sizeof(SOFTWAREINFO));
	memcpy(pInfo3, pSoftWare, sizeof(SOFTWAREINFO));
	m_vInstalledOther.push_back(pInfo3);

	return;
}

void InsertDb(int type, sqlite3* hSql, CString Name, CString company, CString vers, CString path, CString date)
{
	//char *lName = Name;
	//char *lCompany = company;
	//char *lVers = vers;
	//char *lPath = path;
	//char *lDate = date;

	int ret;
	char *errMsg = NULL;
	CString guid = NewGUID();
	//char * cGuid = UnicodeToUtf8(guid);//
	//char sql[1024] = {0};
	CString strSql;
	Name.Replace(_T("\'"), _T("\'\'"));
	company.Replace(_T("\'"), _T("\'\'"));
	vers.Replace(_T("\'"), _T("\'\'"));
	path.Replace(_T("\'"), _T("\'\'"));
	date.Replace(_T("\'"), _T("\'\'"));
	strSql.Format(_T("insert into Key_Software values('%s', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s')"),guid, type, Name, company, vers, path, date, CTOOLBOX4App::ms_strMacAddr, CModule::m_csEventTaskId);
	//sprintf(sql, "insert into Key_Software values('%s', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", cGuid, type, lName, lCompany, lVers, lPath,  lDate,UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr), UnicodeToUtf8(CModule::m_csEventTaskId));
	char *sql = UnicodeToUtf8(strSql);

	ret = sqlite3_exec(hSql, sql, NULL, NULL, &errMsg);
	if(errMsg != NULL)
	{
		MessageBox(NULL, UTF82WCS(errMsg), _T("错误"), MB_ICONERROR);
		sqlite3_free(errMsg);
		exit(-6);
	}
	//delete []cGuid;
	delete []sql;
}

void ClearVt(std::vector<PSOFTWAREINFO>&vt)
{
	std::vector<PSOFTWAREINFO>::iterator it;
	for(it = vt.begin(); it != vt.end(); it++)
	{
		if(*it != NULL)
		{
			delete *it;
			*it = NULL;
		}
	}
	vt.clear();
	std::vector<PSOFTWAREINFO>().swap(vt);
}

// 将安装软件,即时通讯软件,邮件客户端 存入数据库
void CDisposeResult::SoftWareInsertDb()
{
	OutputDebugString(_T("disposeResult_soft1"));
	sqlite3 * hSql;
	int ret;
	CString strDbName = CTOOLBOX4App::ms_strFullResultPath;
	strDbName += _T("主机层\\hongtan004.db");
	char * dbName = UnicodeToUtf8(strDbName);//
	ret = sqlite3_open(dbName, &hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(_T("打开数据库失败"), _T("错误"), MB_ICONERROR);
		exit(-7);
	}
	std::vector<PSOFTWAREINFO>::iterator it;
	for(it = m_vInstalledIM.begin(); it != m_vInstalledIM.end(); it++)
	{
		InsertDb(3, hSql, (*it)->strName, (*it)->strPublisher, (*it)->strVersion, (*it)->strPath, (*it)->strInstallDate);
	}
	for(it = m_vInstalledEmail.begin(); it != m_vInstalledEmail.end(); it++)
	{
		InsertDb(2, hSql, (*it)->strName, (*it)->strPublisher, (*it)->strVersion, (*it)->strPath, (*it)->strInstallDate);
	}
	for(it = m_vInstalledOther.begin(); it != m_vInstalledOther.end(); it++)
	{
		InsertDb(1, hSql, (*it)->strName, (*it)->strPublisher, (*it)->strVersion, (*it)->strPath, (*it)->strInstallDate);
	}
	//for(it = m_vInstalledVM.begin(); it != m_vInstalledVM.end(); it++)
	//{
	//	InsertDb(4,hSql, (*it)->strName, (*it)->strPublisher, (*it)->strVersion, (*it)->strPath, (*it)->strInstallDate);
	//}
	sqlite3_close(hSql);
	ClearVt(m_vInstalledOther);
	ClearVt(m_vInstalledIM);
	ClearVt(m_vInstalledEmail);
	//ClearVt(m_vInstalledVM);
	delete []dbName;
	OutputDebugString(_T("disposeResult_soft2"));
}

void CDisposeResult::FreeVectorMap(std::vector<std::map<std::string,std::wstring>>&vt)
{
	std::map<std::string, std::wstring>::iterator it1;
	std::vector<std::map<std::string, std::wstring>>::iterator it2;
	for(it2 = vt.begin(); it2 != vt.end(); it2++)
	{
		(*it2).clear();
		std::map<std::string, std::wstring>().swap(*it2);
	}
	vt.clear();
	std::vector<std::map<std::string, std::wstring>>().swap(vt);
}

// 将采集结果(Unicode) 存入容器中 
void CDisposeResult::GetResult(int type, LPARAM lParam)
{
	//return; // 不需要在这里进行结果处理了
	CString RstLeft = _T("<td>");
	CString RstRight = _T("</td>");
	switch(type)
	{
/*	case CHECK_SYSLOG:	// 系统日志
		{
			PSYSTEMLOGINFO pPc = (PSYSTEMLOGINFO)lParam;
			map<string,CString> map1;
			map1.insert(pair<string,CString>("event_level",pPc->event_level));//“级别”，事件“类型”
			map1.insert(pair<string,CString>("date",pPc->date));//事件查看器--“日期和时间”
			map1.insert(pair<string,CString>("source",pPc->source));//事件查看器--“来源”
			map1.insert(pair<string,CString>("event_id",pPc->event_id));//事件查看器--“事件 ID”
			map1.insert(pair<string,CString>("task_type",pPc->task_type));//事件查看器--“任务类别”
			map1.insert(pair<string,CString>("describe",pPc->describe));//描述
			m_svSysLog.push_back(map1);
			if(m_svSysLog.size() >= 100)
			{
				//MyIntBox(m_svSysLog.capacity());
				util_sysLog->WriteVector2XMLFile(m_svSysLog,"Sys_Log");
				//FreeVectorMap(m_svSysLog);
				//MyIntBox(m_svSysLog.capacity());
			}
			break;
			//MessageBox(pPc->event_level);
			//PSYSTEMLOGINFO pSyslog = new SYSTEMLOGINFO;
			//if(pSyslog != NULL)
			//{
			//	memset(pSyslog, 0, sizeof(SYSTEMLOGINFO));
			//	memcpy(pSyslog, pPc, sizeof(SYSTEMLOGINFO));
			//}
			//CLogAnalyze::m_vSystemLog.push_back(pSyslog);
			/*
			vector<CString> vt;
			if(m_vSysLogRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_level);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->date);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->source);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_id);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->task_type);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->describe);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str7);
			m_vSysLogRst.push_back(vt);*/
	//	}
/*	case CHECK_APPLOG:	// 应用程序日志
		{
			PAPPLICATIONLOGINFO pPc = (PAPPLICATIONLOGINFO)lParam;
			//PAPPLICATIONLOGINFO pApplog = new APPLICATIONLOGINFO;
			//if(pApplog != NULL)
			//{
			//	memset(pApplog, 0, sizeof(APPLICATIONLOGINFO));
			//	memcpy(pApplog, pPc, sizeof(APPLICATIONLOGINFO));
			//}
			//CLogAnalyze::m_vAppLog.push_back(pApplog);
			vector<CString> vt;
			if(m_vAppLogRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_level);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->date);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->source);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_id);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->task_type);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->describe);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str7);
			m_vAppLogRst.push_back(vt);
		}*/
	//case CHECK_SECLOG:	// 安全日志
	//	{
	//		PSYSTEMLOGINFO pPc = (PSYSTEMLOGINFO)lParam;
	//		map<string,CString> map1;
	//		map1.insert(pair<string,CString>("event_level",pPc->event_level));//“级别”，事件“类型”
	//		map1.insert(pair<string,CString>("date",pPc->date));//事件查看器--“日期和时间”
	//		map1.insert(pair<string,CString>("source",pPc->source));//事件查看器--“来源”
	//		map1.insert(pair<string,CString>("event_id",pPc->event_id));//事件查看器--“事件 ID”
	//		map1.insert(pair<string,CString>("task_type",pPc->task_type));//事件查看器--“任务类别”
	//		map1.insert(pair<string,CString>("describe",pPc->describe));//描述
	//		m_svSecLog.push_back(map1);
	//		if(m_svSecLog.size() >= 10000)
	//		{
	//			util_secLog->WriteVector2XMLFile(m_svSecLog,"Security_Log");
	//			FreeVectorMap(m_svSecLog);
	//		}

			/*
			PSECURITYLOGINFO pSecLog = new SECURITYLOGINFO;
			if(pSecLog != NULL)
			{
				memset(pSecLog, 0, sizeof(SECURITYLOGINFO));
				memcpy(pSecLog, pPc, sizeof(SECURITYLOGINFO));
			}
			CLogAnalyze::m_vSecurityLog.push_back(pSecLog);
			vector<CString> vt;
			if(m_vSecLogRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_level);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->date);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->source);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->event_id);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->task_type);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), pPc->describe);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str7);
			m_vSecLogRst.push_back(vt);*/
			//break;
		//}
/*	case CHECK_FILECHECK:	// 文件操作痕迹
		{
			PFILEOPRATIONLIGHTCHECK pPc = (PFILEOPRATIONLIGHTCHECK)lParam;
			PFILEOPRATIONLIGHTCHECK pInfo = new FILEOPRATIONLIGHTCHECK;
			memset(pInfo, 0, sizeof(FILEOPRATIONLIGHTCHECK));
			memcpy(pInfo, pPc, sizeof(FILEOPRATIONLIGHTCHECK));
			m_vFilOprationLightCheck.push_back(pInfo);
			break;
		}*/
	case CHECK_INTERCHECK:	// 联网痕迹 轻度
		{
			PINTERNETRECORD pPc = (PINTERNETRECORD)lParam;
			std::vector<CString> vt;
			if(m_vNetLigRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->Date);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->Spread);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->Name);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->Versions);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->Process);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str6);
			m_vNetLigRst.push_back(vt);
			break;
		}
/*	case CHECK_INTERDEEP:	// 联网痕迹 深度
		{
			PNETDEEPRESULT pPc = (PNETDEEPRESULT)lParam;
			vector<CString> vt;
			if(m_vNetDeepRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strTime);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strDesc);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str3);
			m_vNetDeepRst.push_back(vt);
			break;
		}*/
/*	case CHECK_PORTCHECK:	// 端口
		{
			PPORTINFO pPc = (PPORTINFO)lParam;
			vector<CString> vt;
			if(m_vPortRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_Port);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_Protocol);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_LocalIP);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_RemoteIP);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_Status);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_PID);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->net_PName);
			vt.push_back(str7);
			CString str8;
			str8.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str8);
			m_vPortRst.push_back(vt);
			break;
		}
	case CHECK_PROCESSCHECK:	// 进程
		{
			PPROCESSINFO_ASSET pPc = (PPROCESSINFO_ASSET)lParam;
			vector<CString> vt;
			if(m_vProcessRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ProcessName);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ProcessID);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->IsQianMing);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->SoftPath);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);
			m_vProcessRst.push_back(vt);
			break;
		}
	case CHECK_SERVERCHECK:		// 服务
		{
			PSERVICEINFO_ASSET pPc = (PSERVICEINFO_ASSET)lParam;
			vector<CString> vt;
			if(m_vServiceRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ServiceName);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ProcessID);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ProcessName);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->IsAutoStart);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->IsQianMing);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ProgPath);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->ServiceDesc);
			vt.push_back(str7);
			CString str8;
			str8.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str8);
			m_vServiceRst.push_back(vt);
			break;
		}*/
	case CHECK_SOFTCHECK:	// 安装软件
		{
			PSOFTWAREINFO pPc = (PSOFTWAREINFO)lParam;
			// 获取即时通讯软件和邮件客户端
			IsSoftWare(pPc);
			/*
			vector<CString> vt;
			if(m_vSoftWareRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strName);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPublisher);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strVersion);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPath);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strInstallDate);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str6);
			m_vSoftWareRst.push_back(vt);
			*/
			break;
		}
/*	case CHECK_SECBASELINECHECK1:	// 授权安全
		{
			POSAUTHSECBSA pPc = (POSAUTHSECBSA)lParam;
			vector<CString> vt;
			if(m_vAuthSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);

			m_vAuthSecRst.push_back(vt);
			break;
		}
	case CHECK_SECBASELINECHECK2:	// 账户安全
		{
			POSAUTHSECBSA pPc = (POSAUTHSECBSA)lParam;
			vector<CString> vt;
			if(m_vAccountSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);
			m_vAccountSecRst.push_back(vt);
			break;
		}
	case CHECK_SECBASELINECHECK3:	// 服务访问安全
		{
			POSSERVICESECBSA pPc= (POSSERVICESECBSA)lParam;
			vector<CString> vt;
			if(m_vServiceSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);

			m_vServiceSecRst.push_back(vt);
			break;
		}
	case CHECK_SECBASELINECHECK4:	// 口令安全
		{
			POSPASSWORDBSA pPc= (POSPASSWORDBSA)lParam;
			vector<CString> vt;
			if(m_vPasswordSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);
			m_vPasswordSecRst.push_back(vt);
			break;
		}
	case CHECK_SECBASELINECHECK5:	// 网络访问安全
		{
			POSPASSWORDBSA pPc= (POSPASSWORDBSA)lParam;
			vector<CString> vt;
			if(m_vNetSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);

			m_vNetSecRst.push_back(vt);
			break;
		}
	case CHECK_SECBASELINECHECK6:	// 文件访问安全
		{
			POSFILEACCCTRLSECBSA pPc= (POSFILEACCCTRLSECBSA)lParam;
			vector<CString> vt;
			if(m_vFileSecRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->name);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->reference);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->real);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->compare);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str5);

			m_vFileSecRst.push_back(vt);
			break;
		}
/*	case CHECK_FILESHARE:	// 文件共享
		{
			PSHAREINFO pPc = (PSHAREINFO)lParam;
			vector<CString> vt;
			if(m_vFileShareRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strName);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPath);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPrivilege);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str4);

			m_vFileShareRst.push_back(vt);
			break;
		}
	case CHECK_USBCHECK:	// USB插拔记录 轻度
		{
			PUSBRECORDINFO pPc = (PUSBRECORDINFO)lParam;
			vector<CString> vt;
			if(m_vUSBLigRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_Type);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_DeviceName);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_SN);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_VID);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_PID);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_model);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_manufacturer);
			vt.push_back(str7);
			CString str8;
			str8.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_FirstDate);
			vt.push_back(str8);
			CString str9;
			str9.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_LastDate);
			vt.push_back(str9);
			CString str10;
			str10.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str10);

			m_vUSBLigRst.push_back(vt);
			break;
		}
	case CHECK_USBDEEP:	// USB插拔记录 深度
		{
			PUSBDEEPRESULT pPc = (PUSBDEEPRESULT)lParam;//PUSBDEEPRESULT
			vector<CString> vt;
			if(m_vUSBDeepRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			CString usbType(pPc->usb_type);
			if(usbType.CompareNoCase(_T("01")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("音频设备"));
			else if(usbType.CompareNoCase(_T("02")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("通信及通信类控制设备"));
			else if(usbType.CompareNoCase(_T("03")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("人体工学设备"));
			else if(usbType.CompareNoCase(_T("05")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("物理设备"));
			else if(usbType.CompareNoCase(_T("06")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("图像"));
			else if(usbType.CompareNoCase(_T("07")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("打印设备"));
			else if(usbType.CompareNoCase(_T("08")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("大容量存储设备"));
			else if(usbType.CompareNoCase(_T("09")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("集线器"));
			else if(usbType.CompareNoCase(_T("0A")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("通信类数据设备"));
			else if(usbType.CompareNoCase(_T("0B")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("智能卡"));
			else if(usbType.CompareNoCase(_T("0D")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("内容安全"));
			else if(usbType.CompareNoCase(_T("0E")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("视频"));
			else if(usbType.CompareNoCase(_T("0F")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("个人医疗"));
			else if(usbType.CompareNoCase(_T("DC")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("诊断设备"));
			else if(usbType.CompareNoCase(_T("E0")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("无线控制器"));
			else if(usbType.CompareNoCase(_T("FE")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("应用程序"));
			else if(usbType.CompareNoCase(_T("FF")) == 0)
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("厂家自定义"));
			else
				str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), _T("其他"));
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_name);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_id);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_VID);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_PID);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_firsttime);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->usb_time);
			vt.push_back(str7);
			CString str8;
			str8.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str8);

			m_vUSBDeepRst.push_back(vt);
			break;
		}
/*	case CHECK_PATCHCHECK:	// 系统补丁
		{
			PSYSPATCHINFO pPc = (PSYSPATCHINFO)lParam;
			vector<CString> vt;
			if(m_vSysPatchRst.size() > 0)
			{
				CString str(_T("\n\t\t\t\t\t\t\t\t</tr>"));
				vt.push_back(str);
				CString str0(_T("\n\t\t\t\t\t\t\t\t<tr>"));
				vt.push_back(str0);
			}
			CString str1;
			str1.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPatchID);
			vt.push_back(str1);
			CString str2;
			str2.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPatchDate);
			vt.push_back(str2);
			CString str3;
			str3.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPatchLevel);
			vt.push_back(str3);
			CString str4;
			str4.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPatchDesc);
			vt.push_back(str4);
			CString str5;
			str5.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), pPc->strPatchURL);
			vt.push_back(str5);
			CString str6;
			str6.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%d</td>"), pPc->nIfInstalled);
			vt.push_back(str6);
			CString str7;
			str7.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), m_strMacAddr);
			vt.push_back(str7);

			m_vSysPatchRst.push_back(vt);
			break;
		}*/
	}
}

// 将 采集结果(Unicode)容器  转码成 UTF-8
void CDisposeResult::MyTransResult()
{
	// 如果容器为空, 则填入 "无结果"
	if(m_vWebLogRst.empty())
		IfEmpty(m_vWebLogRst, 2);
	if(m_vWebFileRst.empty())
		IfEmpty(m_vWebFileRst, 2);
	if(m_vSysLogRst.empty())
		IfEmpty(m_vSysLogRst, 7);
	if(m_vAppLogRst.empty())
		IfEmpty(m_vAppLogRst, 7);
	if(m_vSecLogRst.empty())
		IfEmpty(m_vSecLogRst, 7);
	if(m_vFileTraceRst.empty())
		IfEmpty(m_vFileTraceRst, 5);
	if(m_vNetLigRst.empty())
		IfEmpty(m_vNetLigRst, 6);
	if(m_vNetDeepRst.empty())
		IfEmpty(m_vNetDeepRst, 3);
	if(m_vPortRst.empty())
		IfEmpty(m_vPortRst, 8);
	if(m_vProcessRst.empty())
		IfEmpty(m_vProcessRst, 5);
	if(m_vServiceRst.empty())
		IfEmpty(m_vServiceRst, 8);
	if(m_vSoftWareRst.empty())
		IfEmpty(m_vSoftWareRst, 6);
	if(m_vAuthSecRst.empty())
		IfEmpty(m_vAuthSecRst, 5);
	if(m_vAccountSecRst.empty())
		IfEmpty(m_vAccountSecRst, 5);
	if(m_vServiceSecRst.empty())
		IfEmpty(m_vServiceSecRst, 5);
	if(m_vPasswordSecRst.empty())
		IfEmpty(m_vPasswordSecRst, 5);
	if(m_vNetSecRst.empty())
		IfEmpty(m_vNetSecRst, 5);
	if(m_vFileSecRst.empty())
		IfEmpty(m_vFileSecRst, 5);
	if(m_vFileShareRst.empty())
		IfEmpty(m_vFileShareRst, 4);
	if(m_vUSBLigRst.empty())
		IfEmpty(m_vUSBLigRst, 10);
	if(m_vUSBDeepRst.empty())
		IfEmpty(m_vUSBDeepRst, 8);
	if(m_vSysPatchRst.empty())
		IfEmpty(m_vSysPatchRst, 7);

	// 将 Unicode 转到 UTF-8
	TransResult(m_vWebLogRst, m_vWebLogRstLast);
	TransResult(m_vWebFileRst, m_vWebFileRstLast);
	TransResult(m_vSysLogRst,m_vSysLogRstLast);
	TransResult(m_vAppLogRst,m_vAppLogRstLast);
	TransResult(m_vSecLogRst,m_vSecLogRstLast);
	TransResult(m_vFileTraceRst,m_vFileTraceRstLast);
	TransResult(m_vNetLigRst,m_vNetLigRstLast);
	TransResult(m_vNetDeepRst,m_vNetDeepRstLast);
	TransResult(m_vPortRst,m_vPortRstLast);
	TransResult(m_vProcessRst,m_vProcessRstLast);
	TransResult(m_vServiceRst,m_vServiceRstLast);
	TransResult(m_vSoftWareRst,m_vSoftWareRstLast);
	TransResult(m_vAuthSecRst,m_vAuthSecRstLast);
	TransResult(m_vAccountSecRst,m_vAccountSecRstLast);
	TransResult(m_vServiceSecRst, m_vServiceSecRstLast);
	TransResult(m_vPasswordSecRst,m_vPasswordSecRstLast);
	TransResult(m_vNetSecRst,m_vNetSecRstLast);
	TransResult(m_vFileSecRst,m_vFileSecRstLast);
	TransResult(m_vFileShareRst,m_vFileShareRstLast);
	TransResult(m_vUSBLigRst,m_vUSBLigRstLast);
	TransResult(m_vUSBDeepRst,m_vUSBDeepRstLast);
	TransResult(m_vSysPatchRst,m_vSysPatchRstLast);
}

/*  //解码不良言论
CString DecodeBadspeech(const CString &sInput)
{
	CString strTemp(sInput);
	strTemp.Replace(TEXT(" "), TEXT(""));
	CString strleft = strTemp.Left(strTemp.Find(TEXT("/")));
	CString strright = strTemp.Right(strTemp.GetLength() - strTemp.Find(TEXT("/")) - 1);
	CStringA strLeftA(strleft);
	CStringA strRightA(strright);
	char* szLeftFirst = new char[strLeftA.GetLength() + 1];
	memset(szLeftFirst, 0, strLeftA.GetLength() + 1);
	strcpy(szLeftFirst, strLeftA);
	char* szRightFirst = new char[strRightA.GetLength() + 1];
	memset(szRightFirst, 0, strRightA.GetLength() + 1);
	strcpy(szRightFirst, strRightA);

	char* szLeft = new char[strLeftA.GetLength()/2 + 2];
	memset(szLeft, 0 , strLeftA.GetLength() / 2 + 2);
	for (size_t i = 0; i < strLeftA.GetLength()/2 ; i++)
	{
		char p[5] = {0};
		p[0] = '0';
		p[1] = 'x';
		p[2] = szLeftFirst[i * 2];
		p[3] = szLeftFirst[i * 2  + 1];
		char* str;
		szLeft[i] = strtol(p, &str, 16);

	}
	CString strTemp1(szLeft);
	char* szRight = new char[strRightA.GetLength()/2 + 2];
	memset(szRight, 0, strRightA.GetLength() / 2 + 2);
	for (size_t i = 0; i < strRightA.GetLength()/2; i++)
	{
		char p[5] = { 0 };
		p[0] = '0';
		p[1] = 'x';
		p[2] = szRightFirst[i * 2];
		p[3] = szRightFirst[i * 2 + 1];

		char* str;
		szRight[i] = strtol(p, &str, 16);
	}
	CString strTemp2(szRight);

	delete[]szLeft;
	szLeft = NULL;
	delete[]szRight;
	szRight = NULL;
	CString strAll;
	strAll.Format(TEXT("%s/%s"), strTemp1, strTemp2);

	return strAll;
}
*/
void GetWebResultFromDb(const CString dbName, CStdioFile&hFile, char*sql)
{
	CString DbName = dbName;
	char * cDbName = UnicodeToUtf8(DbName);
	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	ret = sqlite3_open(cDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("打开数据库失败dr"), _T("警告"), MB_ICONWARNING);
		exit(-30);
	}
	//char sql[256];
	//memset(sql, 0, sizeof(sql));
	//sprintf(sql, "select file_name,md5,sha256,rule_match,type from Other_Action where type != 3");
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				// 字段名: dbResult[j], 值: dbResult[index] ;
				char val[512] = {0};
				if(j == 4)
				{
					if(UTF82WCS(dbResult[index]) == _T("1"))
					{
						const char * rt = "\n\t\t\t\t\t\t\t\t\t<td>Backdoor.Webshell</td>";
						hFile.Write(rt, static_cast<UINT>(strlen(rt)));
					}
					else if(UTF82WCS(dbResult[index]) == _T("2"))
					{
						const char * rt = "\n\t\t\t\t\t\t\t\t\t<td>APT.Malware</td>";
						hFile.Write(rt, static_cast<UINT>(strlen(rt)));
					}
					else
					{
						const char * rt = "\n\t\t\t\t\t\t\t\t\t<td></td>";
						hFile.Write(rt, static_cast<UINT>(strlen(rt)));
					}
				}
				else if (UTF82WCS(dbResult[j]) == _T("file_desc"))
				{
					CString bds = UTF82WCS(dbResult[index]);
					//CString babspeech = DecodeBadspeech(UTF82WCS(dbResult[index]));
					CString cl = bds.Left(bds.Find(_T('/')));
					CString cr = bds.Mid(bds.Find(_T('/'))+1);
					char bd1[256] = {0};
					char bd2[256] = {0};
					_snprintf_s(bd1, 255, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(cr));

					_snprintf_s(bd2, 255, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(cl));
					hFile.Write(bd1, static_cast<UINT>(strlen(bd1)));
					hFile.Write(bd2, static_cast<UINT>(strlen(bd2)));
				}
				else
				{
					memset(val, 0, sizeof(val));
					_snprintf_s(val, 512-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(val, static_cast<UINT>(strlen(val)));
				}
				
				index++;
			}
			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);
	}
	sqlite3_close(m_hSql);
}

// 执行只有1条结果的sql语句, 返回查询结果
CString GetOnlyResult(sqlite3*db, const char *sql)
{
	CString Rst = _T("0");

	sqlite3 *m_hSql = db;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				Rst = UTF82WCS(dbResult[index]);
				index++;
			}
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	return Rst;
}

// 从xml文件获取属性
void Write_Attribute(CStdioFile&hFile, tinyxml2::XMLElement *pElement, const char*AttrName)
{
	char nRow[40960] = {0};
	memset(nRow, 0, sizeof(nRow));
	const char * AnsiAttr = pElement->FirstChildElement(AttrName)->GetText();
	char * Utf8Attr = UnicodeToUtf8(ANSI2UNICODE(AnsiAttr));//
	_snprintf_s(nRow, 40960-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", Utf8Attr);
	hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
	delete []Utf8Attr;
}

// 攻击行为old
#if 0
void Write_AttackBehavior(CStdioFile&hFile, CString sDbName)
{
	CString dbName = sDbName;

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	char * pDbName = UnicodeToUtf8(dbName);//
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("数据库打开失败-01"), _T("错误"), MB_ICONERROR);
		exit(-10);
	}
	char sql[256];
	memset(sql, 0, sizeof(sql));
	sprintf(sql, "select file_include, java_ouin_stream, passwd_attack, scan_robots, sensitive_file, sql_injection, webshell, struts2, shell_shock, http_crlf, xss from watchertrack_attack_record"); 
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		char cRow[512] = {0};
		for (i = 0; i < nRow; i++)
		{
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				if(_ttoi(UTF82WCS(dbResult[index])) != 0)
				{
					CString field = UTF82WCS(dbResult[j]);
					if(field == _T("file_include"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_FileIncludeAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("java_ouin_stream"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_JavaouinStreamAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("passwd_attack"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_PasswdAttackAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("scan_robots"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ScanRobotsAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("sensitive_file"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SensitiveFileAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("sql_injection"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SQLInjectionAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("webshell"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_WebShellAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("struts2"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_Struts2Attack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("shell_shock"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ShellShockAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("http_crlf"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_HttpCRLFAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}
					else if(field == _T("xss"))
					{
						hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
						memset(cRow, 0, sizeof(cRow));
						// 攻击行为
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[j]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 攻击次数
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
						hFile.Write(cRow, strlen(cRow));
						memset(cRow, 0, sizeof(cRow));
						// 文件
						sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_XSSAttack.txt</td>");
						hFile.Write(cRow, strlen(cRow));
						hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
					}

				}
				index++;
			}
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}
	sqlite3_close(m_hSql);
	delete []pDbName;

}
#endif

// 攻击行为 回调函数
int GetAttackBehavior(void * para, int columnCount, char **columnValue, char **columnName)
{
	CStdioFile * hFile = (CStdioFile *)para;

	CString strA = _T("\n\t\t\t\t\t\t\t\t<tr>");
	CString strZ = _T("\n\t\t\t\t\t\t\t\t</tr>");
	char *chA = UnicodeToUtf8(strA);
	char *chZ = UnicodeToUtf8(strZ);

	for(int i = 0; i < columnCount; ++i)
	{
		CString column = UTF82WCS(columnName[i]);
		if(column.Find(_T("sensitive_file")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>sensitive_file</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);
			
			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SensitiveFileAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("struts2")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>struts2</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_Struts2Attack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("shell_shock")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>shell_shock</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ShellShockAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("http_crlf")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>http_crlf</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_HttpCRLFAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("file_include")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>file_include</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_HttpCRLFAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("java_ouin_stream")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>java_ouin_stream</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_JavaouinStreamAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("passwd_attack")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>passwd_attack</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_PasswdAttackAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("scan_robots")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>scan_robots</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ScanRobotsAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("sql_injection")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>sql_injection</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SQLInjectionAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("webshell")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>webshell</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_WebShellAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}
		else if(column.Find(_T("xss")) >= 0)
		{
			CString str2 = UTF82WCS(columnValue[i]);
			if(str2.IsEmpty())
				continue;
			hFile->Write(chA, static_cast<UINT>(strlen(chA)));

			CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>xss</td>");
			char * ch1 = UnicodeToUtf8(str1);
			hFile->Write(ch1, static_cast<UINT>(strlen(ch1)));
			DeletePointer2(ch1);

			CString temp;
			temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), str2.GetBuffer());
			char * ch2 = UnicodeToUtf8(temp);
			hFile->Write(ch2, static_cast<UINT>(strlen(ch2)));
			DeletePointer2(ch2);

			CString str3 = _T("\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_XSSAttack.ydtxt</td>");
			char * ch3 = UnicodeToUtf8(str3);
			hFile->Write(ch3, static_cast<UINT>(strlen(ch3)));
			DeletePointer2(ch3);

			hFile->Write(chZ, static_cast<UINT>(strlen(chZ)));
		}

	}

	DeletePointer2(chA);
	DeletePointer2(chZ);

	return SQLITE_OK;
}

// 攻击行为
void Write_AttackBehavior2(CStdioFile&hFile, CString sDbName)
{
	CString dbName = sDbName;
	char * pDbName = UnicodeToUtf8(dbName);

	sqlite3 * l_hSql;
	int ret;
	ret = sqlite3_open(pDbName, &l_hSql);
	if(ret != SQLITE_OK)
	{
		//打开失败
		MessageBox(NULL, _T("打开数据库失败"), _T("错误"), MB_ICONERROR);
		if(pDbName != NULL)
		{
			delete []pDbName;
			pDbName = NULL;
		}
		exit(-1);
	}

	const char *chA = "\n\t\t\t\t\t\t\t\t<tr>";
	const char *chZ = "\n\t\t\t\t\t\t\t\t</tr>";
	
	//const char *l_Sql = "select sum(file_include), sum(java_ouin_stream), sum(passwd_attack),sum(scan_robots),sum(sensitive_file),sum(sql_injection),sum(webshell),sum(struts2),sum(shell_shock),sum(http_crlf),sum(xss) from watchertrack_attack_record"; 
	//ret = sqlite3_exec(l_hSql, l_Sql, GetAttackBehavior, &hFile, &errmsg);
	//                 i =          0                 1                  2               3               4                 5             6           7            8             9        10                
	const char * Attack_code[11] = {"file_include", "java_ouin_stream", "passwd_attack", "scan_robots", "sensitive_file", "sql_injection", "webshell", "struts2", "shell_shock", "http_crlf", "xss"};
	char sql[1024] = {0};
	for(int i = 0; i < 11; i++)
	{
		memset(sql, 0, sizeof(char)*1024);
		_snprintf_s(sql, 1023, "select count(*) from Web_Attack_Action where attack_code = '%s'", Attack_code[i]);
		CString count = GetOnlyResult(l_hSql, sql);
		switch (i)
		{
		case 0:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));
				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>任意文件读取</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_FileIncludeAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 1:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>Java反序列化攻击</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_JavaouinStreamAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 2:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>密码暴力破解</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_PasswdAttackAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 3:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>扫描器入侵行为</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ScanRobotsAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 4:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>敏感文件访问</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SensitiveFileAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 5:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>SQL注入</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_SQLInjectionAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 6:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>webshell</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_WebShellAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 7:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>Struts2漏洞攻击</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_Struts2Attack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 8:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>ShellShock漏洞攻击</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_ShellShockAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 9:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>HTTP头CRLF攻击</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);
				
				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_HttpCRLFAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}
		case 10:
			{
				hFile.Write(chA, static_cast<UINT>(strlen(chA)));

				CString str1 = _T("\n\t\t\t\t\t\t\t\t\t<td>XSS攻击</td>");
				char * ch1 = UnicodeToUtf8(str1);
				hFile.Write(ch1, static_cast<UINT>(strlen(ch1)));
				DeletePointer2(ch1);

				CString temp;
				temp.Format(_T("\n\t\t\t\t\t\t\t\t\t<td>%s</td>"), count.GetBuffer());
				char * ch2 = UnicodeToUtf8(temp);
				hFile.Write(ch2, static_cast<UINT>(strlen(ch2)));
				DeletePointer2(ch2);

				const char * ch3 = "\n\t\t\t\t\t\t\t\t\t<td>watchertrack_attack_XSSAttack.ydtxt</td>";
				hFile.Write(ch3, static_cast<UINT>(strlen(ch3)));

				hFile.Write(chZ, static_cast<UINT>(strlen(chZ)));
				break;
			}

		}
	}

	sqlite3_close(l_hSql);
}

int GetintResult(sqlite3 *db, const char *sql)
{
	sqlite3 *m_hSql = db;
	int ret, index;
	int nRow, nColumn;
	int i, j;
	char * errMsg = NULL;
	char ** dbResult = NULL;
	int result = -1;
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		int attackCount = 0;
		for (i = 0; i < nRow; i++)
		{
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				result = _ttoi(UTF82WCS(dbResult[index]));
				index++;
			}
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	return result;
}

// 攻击来源
void Write_AttackSource(CStdioFile&hFile, CString sDbName)
{
	CString dbName = sDbName;

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	char * pDbName = UnicodeToUtf8(dbName);//
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("数据库打开失败-02"), _T("错误"), MB_ICONERROR);
		exit(-10);
	}
	//char * mSql = "select sum(attack_count) from watchertrack_attack_record";
	const char * mSql = "SELECT count(*) from Web_Attack_Action where attack_ip in (select ip_address from Source_Ip_Analysis)";
	int attackCount = GetintResult(m_hSql, mSql);

	//char sql[256];
	//memset(sql, 0, sizeof(sql));
	//_snprintf(sql, 256-1, "select sipcount from watchertrack_attack_record"); 
	// 查询Source_Ip_Analysis表中的ip在Web_Attack_Action表中出现的次数

	CString ip;
	CString Count;
	const char *sql = "select a.ip_address, COUNT(b.attack_ip) from Source_Ip_Analysis a join Web_Attack_Action b where a.ip_address = b.attack_ip GROUP BY b.attack_ip";
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
		/*		if(attackCount <= 0)
					continue;
				CString sip = UTF82WCS(dbResult[index]);
				CString tempstr = sip;
				int ct = 0;
				ct = tempstr.Remove(_T(':'));
				int bPos = 0;
				CString subStr = NULL;
				for(int i = 0; i < ct; i++)
				{
					int ePos = sip.Find(_T(','), bPos);
					if(ePos != -1)
					{
						subStr = sip.Mid(bPos, ePos-bPos);
					}
					else
					{
						subStr = sip.Mid(bPos);
					}

					CString ip = subStr.Left(subStr.Find(_T(':')));
					ip.Remove(_T('"'));
					CString Count = subStr.Mid(subStr.Find(_T(':'))+1);
					Count.Remove(_T(' '));
					if(_ttoi(Count) <= 0)
						continue;

					hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
					char ratio[128] = {0};
					_snprintf(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(ip));
					hFile.Write(ratio, strlen(ratio));
					memset(ratio, 0, sizeof(ratio));
					_snprintf(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%.2f%%</td>", (double)_ttoi(Count)/(double)attackCount*100);
					hFile.Write(ratio, strlen(ratio));
					memset(ratio, 0, sizeof(ratio));
					_snprintf(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(Count));
					hFile.Write(ratio, strlen(ratio));
					bPos = ePos + 1;
					hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
				}
				*/
				
				if(UTF82WCS(dbResult[j]) == _T("ip_address")) //ip
				{
					ip = UTF82WCS(dbResult[index]);
				}
				else	// 次数
				{
					Count = UTF82WCS(dbResult[index]);

					hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
					char ratio[128] = {0};
					_snprintf_s(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(ip));
					hFile.Write(ratio, static_cast<UINT>(strlen(ratio)));
					memset(ratio, 0, sizeof(ratio));
					_snprintf_s(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%.2f%%</td>", (double)_ttoi(Count)/(double)attackCount*100);
					hFile.Write(ratio, static_cast<UINT>(strlen(ratio)));
					memset(ratio, 0, sizeof(ratio));
					_snprintf_s(ratio, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(Count));
					hFile.Write(ratio, static_cast<UINT>(strlen(ratio)));
					hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
				}

				index++;
			}
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}
	sqlite3_close(m_hSql);
	delete []pDbName;
}

// 攻击工具
void Write_AttackTool(CStdioFile&hFile, CString sDbName)
{
	CString dbName = sDbName;

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, index;
	char * errMsg = NULL;
	char * pDbName = UnicodeToUtf8(dbName);//
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("数据库打开失败-03"), _T("错误"), MB_ICONERROR);
		exit(-10);
	}
	std::vector<CString> vtTools;

	char sql[256];
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 256-1, "select web_hack_tool from watchertrack_attack_record"); 
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			CString rt = UTF82WCS(dbResult[index]);
			CString temp = rt;
			int n = temp.Remove(_T(','));
			n += 1;
			int bPos = 0;
			CString SubStr = NULL;
			//char cRow[128] = {0};
			for(int m = 0; m < n; ++m)
			{
				int ePos = rt.Find(_T(','), bPos);
				if(ePos != -1)
				{
					SubStr = rt.Mid(bPos, ePos-bPos);
				}
				else
				{
					SubStr = rt.Mid(bPos);
				}
				if(SubStr.IsEmpty())
					break;
				vtTools.push_back(SubStr);
				/*
				hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", strlen("\n\t\t\t\t\t\t\t\t<tr>"));
				memset(cRow, 0, sizeof(cRow));
				sprintf(cRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(SubStr));
				hFile.Write(cRow, strlen(cRow));
				hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", strlen("\n\t\t\t\t\t\t\t\t</tr>"));
				*/
				bPos = ePos+1;
			}
			index++;
		}
	}
	sqlite3_close(m_hSql);

	sort(vtTools.begin(),vtTools.end());
	vtTools.erase(unique(vtTools.begin(), vtTools.end()), vtTools.end());
	char cRow[128] = {0};
	for(std::vector<CString>::iterator it = vtTools.begin(); it != vtTools.end(); it++)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
		memset(cRow, 0, sizeof(cRow));
		_snprintf_s(cRow, 128-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", UnicodeToUtf8(*it));
		hFile.Write(cRow, static_cast<UINT>(strlen(cRow)));
		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
	}

	delete []pDbName;
}

// 病毒检测
void Write_VirusDetection(CStdioFile&hFile)
{
	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName  += _T("\\主机层\\hongtan004.db");
	char * pDbName = UnicodeToUtf8(dbName);//

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("数据库打开失败-04"), _T("错误"), MB_ICONERROR);
		exit(-10);
	}
	char sql[256];
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 256-1, "select file_name, virus_type from Virus_Data"); 
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				char Rt[1024] = {0};
				memset(Rt, 0, sizeof(Rt));
				_snprintf_s(Rt, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
				hFile.Write(Rt, static_cast<UINT>(strlen(Rt)));
				index++;
			}
			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	
	}
	sqlite3_close(m_hSql);
	delete []pDbName;
}

// 文件操作痕迹
void Write_FileOperatoin(CStdioFile&hFile)
{

	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName  += _T("\\主机层\\hongtan004.db");
	char * cDbName = UnicodeToUtf8(dbName);
	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	ret = sqlite3_open(cDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("打开数据库失败dr"), _T("警告"), MB_ICONWARNING);
		exit(-30);
	}
	//////////////////////////////////////////////
	// 指定类型的文件操作记录显示在前面
	const int nType = 5;
	const char* FileType[nType] = {"exe", "php", "py", "asp", "jsp"};
	char sql[512];
	for(int m = 0; m < nType; m++)
	{
		memset(sql, 0, sizeof(sql));
		sprintf_s(sql, "select file_name, file_path, operate_time, file_type, mac_address from File_Operation_Light where file_type = '%s'", FileType[m]);
		ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
		if(ret == SQLITE_OK)
		{
			index = nColumn;
			for (i = 0; i < nRow; i++)
			{
				hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
				for (j = 0; j < nColumn; j++)
				{
					// 字段名: dbResult[j], 值: dbResult[index] ;
					char val[1024];
					memset(val, 0, sizeof(char)*1024);
					_snprintf_s(val, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(val, static_cast<UINT>(strlen(val)));
					index++;
				}
				hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
			}
			sqlite3_free_table(dbResult);	// 释放结果
		}
	}
	// 然后将指定类型以外的记录显示在后面
	memset(sql, 0, sizeof(sql));
	char fmt[512];
	memset(fmt, 0, sizeof(fmt));
	sprintf_s(fmt, "select file_name, file_path, operate_time, file_type, mac_address from File_Operation_Light ");
	for(int i = 0; i < nType; i++)// 拼接出sql语句: select x from x where x != 'x';
	{
		if(i == 0)
		{
			strcat_s(fmt, " where file_type != '%s'");
			sprintf_s(sql, fmt, FileType[i]);
			memset(fmt, 0, sizeof(fmt));
			strncpy_s(fmt, sql, 512);
		}
		else
		{
			strcat_s(fmt, " and file_type != '%s'");
			sprintf_s(sql, fmt, FileType[i]);
			memset(fmt, 0, sizeof(fmt));
			strncpy_s(fmt, sql, 512);
		}
	}

	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				// 字段名: dbResult[j], 值: dbResult[index] ;
				char val[1024];
				memset(val, 0, sizeof(char)*1024);
				_snprintf_s(val, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
				hFile.Write(val, static_cast<UINT>(strlen(val)));
				index++;
			}
			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	if(cDbName != NULL)
	{
		delete[] cDbName;
		cDbName = NULL;
	}

	sqlite3_free(errMsg);
	sqlite3_close(m_hSql);
	return;
}

// 联网痕迹-轻度
void Write_NetTrace(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);
	//else
		//cPath1= UnicodeToANSI(XmlPath1);

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);	 
	auto  pRoot = xmlDoc.RootElement();	
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto  pElement = pRoot->FirstChildElement("Net_Light_Check"); 
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "net_open_time");

		Write_Attribute(hFile, pElement, "net_url");

		Write_Attribute(hFile, pElement, "browser_name");

		Write_Attribute(hFile, pElement, "browser_version");

		Write_Attribute(hFile, pElement, "related_process");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10240-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		pElement = pElement->NextSiblingElement("Net_Light_Check");
	}
	delete []cMac;
	delete []cPath1;
}

void WriteNetTraceForDb(CStdioFile&hFile, sqlite3*db)
{
	sqlite3 * m_hSql = db;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;

	CString cField = NULL; //字段名
	char *time = NULL;
	char *url = NULL;
	char *name = NULL;
	char *version = NULL;
	char *process = NULL;
	char *mac = NULL;

	char strRow[5120] = {0};

	const char *sql = "select * from Net_Light_Check";
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			time = NULL;
			url = NULL;
			name = NULL;
			version = NULL;
			process = NULL;
			mac = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("net_open_time"))
				{
					time = dbResult[index];
				}
				else if(cField == _T("net_url"))
				{
					url = dbResult[index];
				}
				else if(cField == _T("browser_name"))
				{
					name = dbResult[index];
				}
				else if(cField == _T("browser_version"))
				{
					version = dbResult[index];
				}
				else if(cField == _T("related_process"))
				{
					process = dbResult[index];
				}
				else if(cField == _T("mac_address"))
				{
					mac = dbResult[index];
				}
				index++;
			}
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", time);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", url);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", name);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", version);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", process);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));
			memset(strRow, 0, sizeof(strRow));
			_snprintf_s(strRow, 5120-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", mac);
			hFile.Write(strRow, static_cast<UINT>(strlen(strRow)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	return;
}

// 联网痕迹-深度
void Write_NetTrace_Deep(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);
	//else
		//cPath1= UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto  eResult = xmlDoc.LoadFile(cPath1);	 
	auto pRoot = xmlDoc.RootElement();	
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Net_Deep_Check"); 
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "net_open_time");

		Write_Attribute(hFile, pElement, "net_url");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10240-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		pElement = pElement->NextSiblingElement("Net_Deep_Check");
	}
	delete []cMac;
	delete []cPath1;
}

// 网络连接
void Write_Port(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);//
	//else
		//cPath1= UnicodeToANSI(XmlPath1);

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);	 
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Sys_Port_Info");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		//const char * NetPort = pElement->FirstChildElement("net_port")->GetText();
		//char * cNetPort = UnicodeToUtf8(ANSI2UNICODE(NetPort));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cNetPort);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_port");

		//const char * Portocol = pElement->FirstChildElement("net_protocol")->GetText();
		//char * cPortocol = UnicodeToUtf8(ANSI2UNICODE(Portocol));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cPortocol);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_protocol");

		//const char * LocalIp = pElement->FirstChildElement("net_local_ip")->GetText();
		//char * cLocalIp = UnicodeToUtf8(ANSI2UNICODE(LocalIp));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cLocalIp);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_local_ip");

		//const char * RemoteIP = pElement->FirstChildElement("net_remote_ip")->GetText();
		//char * cRemoteIP = UnicodeToUtf8(ANSI2UNICODE(RemoteIP));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cRemoteIP);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_remote_ip");

		//const char * Status = pElement->FirstChildElement("net_status")->GetText();
		//char * cStatus = UnicodeToUtf8(ANSI2UNICODE(Status));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cStatus);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_status");

		//const char * Pid = pElement->FirstChildElement("net_pid")->GetText();
		//char * cPid = UnicodeToUtf8(ANSI2UNICODE(Pid));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cPid);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_pid");

		//const char * PName = pElement->FirstChildElement("net_pname")->GetText();
		//char * cPName = UnicodeToUtf8(ANSI2UNICODE(PName));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cPName);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "net_pname");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10240-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		pElement = pElement->NextSiblingElement("Sys_Port_Info");
	}
	delete []cMac;
	delete []cPath1;
}

void WritePortForDb(CStdioFile&hFile, sqlite3*db)
{
	sqlite3 * m_hSql = db;
	int ret;
	char ** dbResult = NULL;
	int nRow1, nColumn;
	int i, j, index;
	char * errMsg = NULL;

	CString cField = NULL; //字段名
	char * port = NULL;
	char * protocol = NULL;
	char * localIp = NULL;
	char * remoteIp = NULL;
	char * status = NULL;
	char * pid = NULL;
	char * pname = NULL;
	char nRow[2048];
	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);

	const char *sql = "select net_port,net_protocol,net_local_ip,net_remote_ip,net_status,net_pid,net_pname from Sys_Port_Info";
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow1, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow1; i++)
		{
			port = NULL;
			protocol = NULL;
			localIp = NULL;
			remoteIp = NULL;
			status = NULL;
			pid = NULL;
			pname = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("net_port"))
				{
					port = dbResult[index];
				}
				else if(cField == _T("net_protocol"))
				{
					protocol = dbResult[index];
				}
				else if(cField == _T("net_local_ip"))
				{
					localIp = dbResult[index];
				}
				else if(cField == _T("net_remote_ip"))
				{
					remoteIp = dbResult[index];
				}
				else if(cField == _T("net_status"))
				{
					status = dbResult[index];
				}
				else if(cField == _T("net_pid"))
				{
					pid = dbResult[index];
				}
				else if(cField == _T("net_pname"))
				{
					pname = dbResult[index];
				}

				index++;
			}
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", port);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", protocol);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", localIp);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", remoteIp);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", status);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", pid);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", pname);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	if(cMac != NULL)
	{
		delete[]cMac;
		cMac = NULL;
	}

}

// 进程
void Write_Process(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("HostAssetInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("HostAssetInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);//
	//else 
		//cPath1 = UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);	 
	auto pRoot = xmlDoc.RootElement();	
	if(pRoot == nullptr)
		return;
	char nRow[1024] = {0};
	auto pElement = pRoot->FirstChildElement("Process"); 
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "pro_name");

		Write_Attribute(hFile, pElement, "pro_id");

		Write_Attribute(hFile, pElement, "signature_situation");

		Write_Attribute(hFile, pElement, "correspond_software");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("Process");
	}
	delete []cMac;
	delete []cPath1;

}

void WriteProcessForDb(CStdioFile&hFile, sqlite3*db)
{
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);

	char str[512];
	CString cField = NULL; //字段名
	char *proId = NULL;
	char *proName = NULL;
	char *signature = NULL;
	char *software = NULL;

	const char *sql = "select pro_id, pro_name, signature_situation, correspond_software from Process";
	ret = sqlite3_get_table(db, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			proId = NULL;
			proName = NULL;
			signature = NULL;
			software = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("pro_id"))
				{
					proId = dbResult[index];
				}
				else if(cField == _T("pro_name"))
				{
					proName = dbResult[index]; 
				}
				else if(cField == _T("signature_situation"))
				{
					signature = dbResult[index];
				}
				else if(cField == _T("correspond_software"))
				{
					software = dbResult[index];
				}
				index++;
			}
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 512-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", proName);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 512-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", proId);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 512-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", signature);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 512-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", software);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
			hFile.Write(str, static_cast<UINT>(strlen(str)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	if(cMac != NULL)
	{
		delete []cMac;
		cMac = NULL;
	}
}

// 服务
void Write_Service(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("HostAssetInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("HostAssetInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);
	//else
		//cPath1= UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Service");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		//const char * ServiceName = pElement->FirstChildElement("service_name")->GetText();
		//char * cServiceName = UnicodeToUtf8(ANSI2UNICODE(ServiceName));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cServiceName);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "service_name");

		//const char * ProcessID = pElement->FirstChildElement("process_id")->GetText();
		//char * cProcessID = UnicodeToUtf8(ANSI2UNICODE(ProcessID));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cProcessID);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "process_id");

		//const char * ProcessName= pElement->FirstChildElement("process_name")->GetText();
		//char * cProcessName = UnicodeToUtf8(ANSI2UNICODE(ProcessName));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cProcessName);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "process_name");

		//const char * StartType = pElement->FirstChildElement("start_type")->GetText();
		//char * cStartType = UnicodeToUtf8(ANSI2UNICODE(StartType));
		//memset(nRow, 0, sizeof(nRow));
		//sprintf(nRow, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cStartType);
		//hFile.Write(nRow, strlen(nRow));

		Write_Attribute(hFile, pElement, "start_type");

		Write_Attribute(hFile, pElement, "signature_situation");

		Write_Attribute(hFile, pElement, "correspond_software");

		Write_Attribute(hFile, pElement, "service_des");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10240-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("Service");
	}
	delete []cMac;
	delete []cPath1;
}

void WriteServiceForDb(CStdioFile&hFile, sqlite3*db)
{
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;

	char str[1024];
	CString cField = NULL; //字段名
	char *SvcName = NULL;
	char *PcsID = NULL;
	char *PcsName = NULL;
	char *StartType = NULL;
	char *Signature = NULL;
	char *SoftWare = NULL;
	char *Desc = NULL;
	char *Mac = NULL;

	const char *sql = "select * from Service";
	ret = sqlite3_get_table(db, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			SvcName = NULL;
			PcsID = NULL;
			PcsName = NULL;
			StartType = NULL;
			Signature = NULL;
			SoftWare = NULL;
			Desc = NULL;
			Mac = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("service_name"))
				{
					SvcName = dbResult[index];
				}
				else if(cField == _T("process_id"))
				{
					PcsID = dbResult[index];
				}
				else if(cField == _T("process_name"))
				{
					PcsName = dbResult[index];
				}
				else if(cField == _T("start_type"))
				{
					StartType = dbResult[index];
				}
				else if(cField == _T("signature_situation"))
				{
					Signature = dbResult[index];
				}
				else if(cField == _T("correspond_software"))
				{
					SoftWare = dbResult[index];
				}
				else if(cField == _T("service_des"))
				{
					Desc = dbResult[index];
				}
				else if(cField == _T("mac_address"))
				{
					Mac = dbResult[index];
				}
				index++;
			}
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", SvcName);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", PcsID);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", PcsName);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", StartType);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", Signature);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", SoftWare);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", Desc);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", Mac);
			hFile.Write(str, static_cast<UINT>(strlen(str)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	return;
}

// type  安装软件1   邮件客户端2  即时通讯软件3
void Write_SoftWare(CStdioFile&hFile, int type)
{
	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName  += _T("\\主机层\\hongtan004.db");
	char * pDbName = UnicodeToUtf8(dbName);

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("数据库打开失败-05"), _T("错误"), MB_ICONERROR);
		exit(-10);
	}
	char sql[256];
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 256-1, "select software_name,software_company,software_version,install_path,install_date,mac_address from Key_Software where soft_type = %d", type);
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		char cRt[1024] = {0};
		for (i = 0; i < nRow; i++)
		{
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				if(strcmp(dbResult[j], "software_name") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				else if(strcmp(dbResult[j], "software_company") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				else if(strcmp(dbResult[j], "software_version") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				else if(strcmp(dbResult[j], "install_path") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				else if(strcmp(dbResult[j], "install_date") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				else if(strcmp(dbResult[j], "mac_address") == 0)
				{
					memset(cRt, 0, sizeof(cRt));
					_snprintf_s(cRt, 1023, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", dbResult[index]);
					hFile.Write(cRt, static_cast<UINT>(strlen(cRt)));
				}
				index++;
			}
			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}
	sqlite3_close(m_hSql);
	delete []pDbName;
}

// 安全基线 
void Write_SecBaseLine(CStdioFile&hFile, CString ElementName)
{

	char * cBaseLine = UnicodeToANSI(ElementName);

	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);
	//else
		//cPath1 = UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);	 
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement(cBaseLine);
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "name");
		Write_Attribute(hFile, pElement, "reference");
		Write_Attribute(hFile, pElement, "real");
		Write_Attribute(hFile, pElement, "compare");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10240-1,"\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement(cBaseLine);
	}
	delete []cMac;
	delete []cPath1;
}

void WriteSecBaseLineForDb(CStdioFile&hFile, sqlite3*db, int type)
{
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;

	char str[1024];
	CString cField = NULL; //字段名
	char *cName = NULL;
	char *cRef = NULL;
	char *cReal = NULL;
	char *cComp = NULL;
	char *cMac = NULL;

	char sql[256] = {0};
	memset(sql, 0, sizeof(char)*256);
	sprintf_s(sql, "select * from Sec_Base_Line where sec_type = '%d'", type);
	ret = sqlite3_get_table(db, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			cName = NULL;
			cRef = NULL;
			cReal = NULL;
			cComp = NULL;
			cMac = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = dbResult[j];
				if(cField == _T("name"))
				{
					cName = dbResult[index];
				}
				else if(cField == _T("reference"))
				{
					cRef = dbResult[index];
				}
				else if(cField == _T("real"))
				{
					cReal = dbResult[index];
				}
				else if(cField == _T("compare"))
				{
					cComp = dbResult[index];
				}
				else if(cField == _T("mac_address"))
				{
					cMac = dbResult[index];
				}
				index++;
			}
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cName);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cRef);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cReal);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cComp);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
			hFile.Write(str, static_cast<UINT>(strlen(str)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	return;
}

// 文件共享
void Write_FileShare(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);//
	//else
		//cPath1 = UnicodeToANSI(XmlPath1);

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("File_Share_Info");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "Name");
		Write_Attribute(hFile, pElement, "Path");
		Write_Attribute(hFile, pElement, "Privilege");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10239, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("File_Share_Info");
	}

	delete []cMac;
	delete []cPath1;

}

void WriteFileShareForDb(CStdioFile&hFile, sqlite3*db)
{
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);

	char str[1024];
	CString cField = NULL; //字段名

	char *cName = NULL;
	char *cPath = NULL;
	char *cprivilege = NULL;


	const char *sql = "select name, path, privilege from File_Share_Info";
	ret = sqlite3_get_table(db, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			cName = NULL;
			cPath = NULL;
			cprivilege = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("name"))
				{
					cName = dbResult[index];
				}
				else if(cField == _T("path"))
				{
					cPath = dbResult[index];
				}
				else if(cField == _T("privilege"))
				{
					cprivilege = dbResult[index];
				}
				index++;
			}
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cName);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cPath);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cprivilege);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
			hFile.Write(str, static_cast<UINT>(strlen(str)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	if(cMac != NULL)
	{
		delete []cMac;
		cMac = NULL;
	}
}

// USB插拔记录-轻度
void Write_UsbTrace(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);//
	//else 
		//cPath1 = UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Usb_Light");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "type");
		Write_Attribute(hFile, pElement, "usb_name");
		Write_Attribute(hFile, pElement, "usb_sn");
		Write_Attribute(hFile, pElement, "vid");
		Write_Attribute(hFile, pElement, "pid");
		Write_Attribute(hFile, pElement, "model");
		Write_Attribute(hFile, pElement, "firm");
		Write_Attribute(hFile, pElement, "first_time");
		Write_Attribute(hFile, pElement, "last_time");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10239, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("Usb_Light");
	}

	delete []cMac;
	delete []cPath1;
}

void WriteUsbLightForDb(CStdioFile&hFile, sqlite3*db)
{
	int ret;
	char ** dbResult = NULL;
	int nRow, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);

	char str[1024];
	CString cField = NULL; //字段名

	char *type = NULL;
	char *name = NULL;
	char *sn = NULL;
	char *vid = NULL;
	char *pid = NULL;
	char *model = NULL;
	char *firm = NULL;
	char *first_time = NULL;
	char *last_time = NULL;
	char *mac_address = NULL;

	const char *sql = "select * from Usb_Light";
	ret = sqlite3_get_table(db, sql, &dbResult, &nRow, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow; i++)
		{
			type = NULL;
			name = NULL;
			sn = NULL;
			vid = NULL;
			pid = NULL;
			model = NULL;
			firm = NULL;
			first_time = NULL;
			last_time = NULL;
			mac_address = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("type"))
				{
					type = dbResult[index];
				}
				else if(cField == _T("usb_name"))
				{
					name = dbResult[index];
				}
				else if(cField == _T("usb_sn"))
				{
					sn = dbResult[index];
				}
				else if(cField == _T("vid"))
				{
					vid = dbResult[index];
				}
				else if(cField == _T("pid"))
				{
					pid = dbResult[index];
				}
				else if(cField == _T("model"))
				{
					model = dbResult[index];
				}
				else if(cField == _T("firm"))
				{
					firm = dbResult[index];
				}
				else if(cField == _T("first_time"))
				{
					first_time = dbResult[index];
				}
				else if(cField == _T("last_time"))
				{
					last_time = dbResult[index];
				}
				else if(cField == _T("mac_address"))
				{
					mac_address = dbResult[index];
				}
				index++;
			}
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", type);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", name);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", sn);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", vid);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", pid);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", model);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", firm);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", first_time);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", last_time);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			memset(str, 0, sizeof(str));
			_snprintf_s(str, 1024-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", mac_address);
			hFile.Write(str, static_cast<UINT>(strlen(str)));
			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}




}

// USB插拔记录-深度
void Write_UsbTrace_Deep(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SystemInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SystemInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1= UnicodeToANSI(XmlPath_);//
	//else
		//cPath1 = UnicodeToANSI(XmlPath1);//

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Usb_Deep");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "type");
		Write_Attribute(hFile, pElement, "usb_name");
		Write_Attribute(hFile, pElement, "usb_sn");
		Write_Attribute(hFile, pElement, "vid");
		Write_Attribute(hFile, pElement, "pid");
		Write_Attribute(hFile, pElement, "first_time");
		Write_Attribute(hFile, pElement, "last_time");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10239, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("Usb_Deep");
	}

	delete []cMac;
	delete []cPath1;
}

// 主机日志
void Write_SecLog(CStdioFile&hFile)
{
	CString XmlPath = CTOOLBOX4App::ms_strFullResultPath;
	XmlPath += _T("主机层\\");
	//CString XmlPath1 = XmlPath + _T("SecurityLogInfoResult.xml");
	CString XmlPath_ = XmlPath + _T("SecurityLogInfoResult.ydxml");
	char * cPath1;
	//if(IsFileExist(XmlPath_))
		cPath1 = UnicodeToANSI(XmlPath_);
	//else
		//cPath1 = UnicodeToANSI(XmlPath1);

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);//
	tinyxml2::XMLDocument xmlDoc;	
	auto eResult = xmlDoc.LoadFile(cPath1);	 
	auto pRoot = xmlDoc.RootElement();
	if(pRoot == nullptr)
		return;
	char nRow[10240] = {0};
	auto pElement = pRoot->FirstChildElement("Security_Log");
	while(pElement != NULL)
	{
		hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));

		Write_Attribute(hFile, pElement, "event_level");
		Write_Attribute(hFile, pElement, "date");
		Write_Attribute(hFile, pElement, "source");
		Write_Attribute(hFile, pElement, "event_id");
		Write_Attribute(hFile, pElement, "task_type");
		Write_Attribute(hFile, pElement, "describe");

		memset(nRow, 0, sizeof(nRow));
		_snprintf_s(nRow, 10239, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
		hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

		hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));

		pElement = pElement->NextSiblingElement("Security_Log");
	}

	delete []cMac;
	delete []cPath1;
}

void Write_SecLogForDb(CStdioFile&hFile)
{
	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	int nRow1, nColumn;
	int i, j, index;
	char * errMsg = NULL;
	// 打开数据库
	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName += _T("主机层\\hongtan004.db");
	char * pDbName = UnicodeToUtf8(dbName); 
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		AfxMessageBox(_T("打开数据库失败-html_log!"));
		OutputDebugString(_T("打开数据库失败-html_log!"));
		exit(-2);
	}

	char * cMac = UnicodeToUtf8(CTOOLBOX4App::ms_strMacAddr);

	CString cField = _T(""); //字段名

	char *cLevel = NULL;
	char *cDate = NULL;
	char *cSource = NULL;
	char *cEvent_id = NULL;
	char *cTask_type = NULL;
	char *cDescribe = NULL;
	char nRow[2048];
	
	const char *sql = "select * from Win_Sec_Log";
	ret = sqlite3_get_table(m_hSql, sql, &dbResult, &nRow1, &nColumn, &errMsg);
	if(ret == SQLITE_OK)
	{
		index = nColumn;
		for (i = 0; i < nRow1; i++)
		{
			cLevel = NULL;
			cDate = NULL;
			cSource = NULL;
			cEvent_id = NULL;
			cTask_type = NULL;
			cDescribe = NULL;
			hFile.Write("\n\t\t\t\t\t\t\t\t<tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t<tr>")));
			for (j = 0; j < nColumn; j++)
			{
				//字段名:dbResult[j], 值:dbResult[index];
				cField = UTF82WCS(dbResult[j]);
				if(cField == _T("event_level"))
				{
					cLevel = dbResult[index];
				}
				else if(cField == _T("date"))
				{
					cDate = dbResult[index];
				}
				else if(cField == _T("source"))
				{
					cSource = dbResult[index];
				}
				else if(cField == _T("event_id"))
				{
					cEvent_id = dbResult[index];
				}
				else if(cField == _T("task_type"))
				{
					cTask_type = dbResult[index];
				}
				else if(cField == _T("describe"))
				{
					cDescribe = dbResult[index];
				}

				index++;
			}
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cLevel);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cDate);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cSource);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cEvent_id);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cTask_type);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cDescribe);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));
			memset(nRow, 0, sizeof(nRow));
			_snprintf_s(nRow, 2048-1, "\n\t\t\t\t\t\t\t\t\t<td>%s</td>", cMac);
			hFile.Write(nRow, static_cast<UINT>(strlen(nRow)));

			hFile.Write("\n\t\t\t\t\t\t\t\t</tr>", static_cast<UINT>(strlen("\n\t\t\t\t\t\t\t\t</tr>")));
		}
		sqlite3_free_table(dbResult);	// 释放结果
	}

	if(cMac != NULL)
	{
		delete []cMac;
		cMac = NULL;
	}
	
	sqlite3_close(m_hSql);
}

// *生成完整的html文件
void CDisposeResult::BuildHtml()
{
	//if(!IsFreeSpace(GetDiskSpace()))
	//{
	//	MessageBox(_T("剩余空间不足以存储结果展示文件!"), _T("空间不足"), MB_ICONERROR);
	//	return;
	//}
	const char * prev = "\t\t\t\t\t\t\t\t<tr>";
	const char * back = "\t\t\t\t\t\t\t\t</tr>";

	//CString WebResult;
	//WebResult = CTOOLBOX4App::ms_strFullResultPath;
	//WebResult += _T("WebAttackAction");
	//vector<CString> vSubDirName;
	//YDGetSubDirectory(WebResult, vSubDirName);

	// 打开数据库
	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName += _T("主机层\\hongtan004.db");
	char * pDbName = UnicodeToUtf8(dbName); 
	int ret = sqlite3_open(pDbName, &sDb);
	if(ret != SQLITE_OK)
	{
		AfxMessageBox(_T("打开数据库失败-html_log!"));
		OutputDebugString(_T("打开数据库失败-html_log!"));
		exit(-2);
	}
	if(pDbName != NULL)
	{
		delete []pDbName;
		pDbName = NULL;
	}

	tinyxml2::XMLDocument xmlDoc;

	// 写文件  
	CString HtmlPath = CTOOLBOX4App::ms_strFullResultPath;
	HtmlPath += _T("html\\index.html");
	CStdioFile f2;
	if(!f2.Open(HtmlPath, CFile::modeWrite|CFile::modeCreate /*|CFile::typeBinary*/))
	{
		OutputDebugString(_T("open html1 failed"));
		exit(-1);
	}
	// html模板 1
	WriteHtml(f2, CDisposeResult::m_vCaption);			// 恶意文件
	CString FileName = CTOOLBOX4App::ms_strFullResultPath;
	FileName += _T("主机层\\hongtan004.db");

	// 写结果 1
	char sql[256];
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 255, "select file_name,md5,sha256,rule_match,type from Other_Action where type != 3");
	GetWebResultFromDb(FileName, f2, sql);
	WriteHtml(f2, CDisposeResult::m_vContent1);			// 不良言论
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 255, "select file_name,file_desc from Other_Action where type = 3");
	GetWebResultFromDb(FileName, f2, sql);
	WriteHtml(f2, CDisposeResult::m_vContent2);			// 攻击行为
	//Write_AttackBehavior(f2, FileName);
	Write_AttackBehavior2(f2,FileName);
	WriteHtml(f2, CDisposeResult::m_vContent3);			// 攻击来源
	Write_AttackSource(f2, FileName);
	WriteHtml(f2, CDisposeResult::m_vContent4);			// 攻击工具
	Write_AttackTool(f2, FileName);
	WriteHtml(f2, CDisposeResult::m_vContent5);			// 病毒检测
	Write_VirusDetection(f2);
	WriteHtml(f2, CDisposeResult::m_vContent6);			// 文件操作痕迹
	Write_FileOperatoin(f2);
	WriteHtml(f2, CDisposeResult::m_vContent65);		// 联网痕迹-轻度
	//Write_NetTrace(f2);
	WriteNetTraceForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vContent7);			// 联网痕迹-深度
	Write_NetTrace_Deep(f2);
	WriteHtml(f2, CDisposeResult::m_vContent8);			// USB插拔记录-轻度
	//Write_UsbTrace(f2);
	WriteUsbLightForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vContent9);			// USB插拔记录-深度
	Write_UsbTrace_Deep(f2);
	WriteHtml(f2, CDisposeResult::m_vContent10);		// 基线-授权安全
	//Write_SecBaseLine(f2, _T("Auth_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 1);
	WriteHtml(f2, CDisposeResult::m_vContent11);		// 基线-账户安全
	//Write_SecBaseLine(f2, _T("Account_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 2);
	WriteHtml(f2, CDisposeResult::m_vContent12);		// 基线-服务访问安全
	//Write_SecBaseLine(f2, _T("Service_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 3);
	WriteHtml(f2, CDisposeResult::m_vContent13);		// 基线-口令安全
	//Write_SecBaseLine(f2, _T("Password_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 4);
	WriteHtml(f2, CDisposeResult::m_vContent14);		// 基线-网络访问安全
	//Write_SecBaseLine(f2, _T("Net_Acc_Ctrl_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 5);
	WriteHtml(f2, CDisposeResult::m_vContent15);		// 基线-文件访问安全
	//Write_SecBaseLine(f2, _T("File_Acc_Ctrl_Bsa"));
	WriteSecBaseLineForDb(f2, sDb, 6);
	WriteHtml(f2, CDisposeResult::m_vContent16);		// 网络连接
	//Write_Port(f2);
	WritePortForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vContent17);		// 进程
	//Write_Process(f2);
	WriteProcessForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vContent18);		// 服务
	//Write_Service(f2);
	WriteServiceForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vContent19);		// 安装软件
	Write_SoftWare(f2, 1);
	WriteHtml(f2, CDisposeResult::m_vContent20);		// 即时通讯软件
	Write_SoftWare(f2, 3);
	WriteHtml(f2, CDisposeResult::m_vContent21);		// 邮件客户端
	Write_SoftWare(f2, 2);
	WriteHtml(f2, CDisposeResult::m_vContent22);		// 文件共享
	//Write_FileShare(f2);
	WriteFileShareForDb(f2, sDb);
	WriteHtml(f2, CDisposeResult::m_vEnding);
	f2.Close();
	sqlite3_close(sDb);
}

// *生成 主机日志 html文件
void CDisposeResult::BuildLogHtml()
{
	//if(!IsFreeSpace(GetDiskSpace()))
	//{
	//	MessageBox(_T("剩余空间不足以存储结果展示文件!"), _T("空间不足"), MB_ICONERROR);
	//	return;
	//}
	TCHAR* pFileName2= new TCHAR[MAX_PATH];
	if(CTOOLBOX4App::m_bisUDisk)
	{
		_snwprintf_s(pFileName2, sizeof(pFileName2), MAX_PATH-1,_T("%s\\采集结果\\%s\\html\\hostNote.html"), CTOOLBOX4App::m_strSavePathKey.GetBuffer(), CTOOLBOX4App::ms_strMacAddr.GetBuffer());
	}
	else 
	{
		_snwprintf_s(pFileName2, sizeof(pFileName2),MAX_PATH-1, _T("%s\\采集工具\\采集结果\\%s\\html\\hostNote.html"), CTOOLBOX4App::m_strSavePath.GetBuffer(), CTOOLBOX4App::ms_strMacAddr.GetBuffer());
		//TCHAR* pFileName2 = _T("C:\\Users\\Administrator\\Desktop\\采集工具\\结果.html");
	}
	CStdioFile f2;
	if(!f2.Open(pFileName2, CFile::modeWrite|CFile::modeCreate /*|CFile::typeBinary*/))
	{
		AfxMessageBox(_T("打开html文件错误,请检查html文件是否存在!"));
		exit(-1);
	}
	if(pFileName2 != NULL)
		delete []pFileName2;
	WriteHtml(f2, CDisposeResult::m_vLogCaption1);
	//Write_SecLog(f2);
	Write_SecLogForDb(f2);
	WriteHtml(f2, CDisposeResult::m_vLogCaption2);

	//WriteHtml(f2, CDisposeResult::m_vLogCaption1);
	//WriteResult(f2,CDisposeResult::m_vSysLogRstLast);
	//WriteHtml(f2, CDisposeResult::m_vLogCaption2);
	//WriteResult(f2,CDisposeResult::m_vAppLogRstLast);
	//WriteHtml(f2, CDisposeResult::m_vLogCaption3);
	//WriteResult(f2,CDisposeResult::m_vSecLogRstLast);
	//WriteHtml(f2, CDisposeResult::m_vLogCaption4);

	f2.Close();

}

////↑容器////读xml文件↓//////////////////////////////修改 结果展示数据来源,从容器改为读xml文件
void CDisposeResult::DisplayHtml()
{
	m_strModPath = GetModulePath().c_str();
	m_strModPath += _T("\\");


}


void CDisposeResult::ImportFlag()
{
	CString dbName = CTOOLBOX4App::ms_strFullResultPath;
	dbName  += _T("\\主机层\\hongtan004.db");
	char * pDbName = UnicodeToUtf8(dbName);

	sqlite3 * m_hSql;
	int ret;
	char ** dbResult = NULL;
	char * errMsg = NULL;
	// 打开数据库
	ret = sqlite3_open(pDbName, &m_hSql);
	if(ret != SQLITE_OK)
	{
		//MessageBox(NULL, _T("数据库打开失败-05"), _T("错误"), MB_ICONERROR);
		return;
	}

	CString guid = NewGUID();
	char * cGuid = UnicodeToUtf8(guid);

	// 插入数据
	char sql[256];
	memset(sql, 0, sizeof(sql));
	_snprintf_s(sql, 255, "update IsUsed set UUID = '%s'", cGuid);
	ret = sqlite3_exec(m_hSql, sql, NULL, NULL, &errMsg);
	if(errMsg != NULL)
	{
		//MessageBox(NULL, UTF82WCS(errMsg), _T("错误"), MB_ICONERROR);
		sqlite3_free(errMsg);
	}

	if(cGuid != NULL)
		delete cGuid;
	if(pDbName != NULL)
		delete pDbName;

	sqlite3_close(m_hSql);

	return;
}


BEGIN_MESSAGE_MAP(CDisposeResult, CWnd)
END_MESSAGE_MAP()


unsigned Folctosqlite3Thread(LPVOID lpvParam)
{
	int ret;
	sqlite3 * pSql;
	CString strDbName = CTOOLBOX4App::ms_strFullResultPath;
	strDbName += _T("主机层\\hongtan004.db");
	char * dbName = UnicodeToUtf8(strDbName);//
	ret = sqlite3_open(dbName, &pSql);
	if(ret != SQLITE_OK)
	{
		MessageBox(NULL, _T("打开数据库失败"), _T("错误"), MB_ICONERROR);
		exit(-5);
	}
	// 
	for(std::vector<PFILEOPRATIONLIGHTCHECK>::iterator it = CDisposeResult::m_vFilOprationLightCheck.begin(); it != CDisposeResult::m_vFilOprationLightCheck.end(); it++)
	{
		char *errMsg = NULL;
		int ret;
		CString guid = NewGUID();
		//char * cGuid = UnicodeToUtf8(guid);//
		//char sql[1024] = {0};
		CString strSql;
		CString FileName = (*it)->fileName;
		CString FilePath = (*it)->filePath;
		CString FileType = (*it)->fileType;
		FileName.Replace(_T("\'"), _T("\'\'"));
		FilePath.Replace(_T("\'"), _T("\'\'"));
		strSql.Format(TEXT("insert into File_Operation_Light(")
			TEXT("file_operation_light_id,")
			TEXT("file_name,")
			TEXT("file_path,")
			TEXT("operate_time,")
			TEXT("file_type,")
			TEXT("mac_address,")
			TEXT("related_file,")
			TEXT("event_task_id) values('%s','%s','%s','%s','%s','%s','','%s')"),
			guid,
			FileName,
			FilePath,
			(*it)->operateTime,
			FileType,
			CTOOLBOX4App::ms_strMacAddr,
			CModule::m_csEventTaskId);
		char *sql = UnicodeToUtf8(strSql);
		ret = sqlite3_exec(pSql, sql, NULL, NULL, &errMsg);
		if(errMsg != NULL)
		{
			OutputDebugString(UTF82WCS(errMsg));
			exit(-6);
		}
		sqlite3_free(errMsg);
		delete []sql;
	}
	sqlite3_close(pSql);
	return 0;
}
// CDisposeResult message handlers
